RESPONSIBILITIES
· Serve as a security expert in networks, endpoints, and enterprise applications efforts, helping project teams comply with enterprise and IT security policies, industry regulations, and best practices.
· Manage vulnerability assessments on various types of networks and topologies.
· Execute risk and vulnerability assessments and remediation activities.
· Conduct penetration testing on IT infrastructure.
· Analyze output from network vulnerability assessments, recommend mitigation strategies and resolve any security incidents through work with pertinent business departments.
· Review and provide feedback on security plans and procedures regarding all aspects of LAN, WAN or MANs, as applicable.
· Review and provide input into networks and endpoints designs to ensure compliance with security and enterprise architecture.
· Review in-house and 3rd-party applications/code for security vulnerabilities and best practices.
· Build/enhance security architecture and configure networks and endpoints to enhance the security posture of the enterprise.
· Research, design, and advocate new technologies, architectures, and security products that will support security requirements for the enterprise and its customers, business partners, and vendors.
· Participate in Software Development Lifecycle: code review, QA security testing, launches, etc.
· Develop and/or implement automated security testing tools where possible.
· Participate in the development of security-related tools and applications, such as multi-platform cookie-based authentication and internal security libraries/frameworks.
· Train engineers on common security problems and best practices for writing secure code.
· Perform hands-on testing of applications, and build and enforce information risk management requirements and structure, including providing practical secure architecture skills and developing and implementing Information Security best practices.
· Lead and execute projects on our security roadmap.
· Adhere to existing risk management frameworks, such as COBIT, ITIL, and ISO 27002.
· Participate in managing incident response for network security events.
· Develop and maintain IT security policies.
· Provide input and visibility into emerging security technologies, deployment strategies and other security protocols to ensure awareness within the IT security branch.
MINIMUM QUALIFICATIONS, KNOWLEDGE, SKILLS, AND ABILITIES:
Formal Education & Certification
· Bachelor's degree in Information Technology, Computer Sciences or equivalent. Master’s degree desirable.
· Possessing at least one professional security certification such as CISSP, CISM, CISA or similar.
Knowledge & Experience
· 7 years or more of professional experience in IT security including security policy development, security architecture models, and information security regulatory compliance
· Must have knowledge of IT security technologies such as firewalls, intrusion detection systems, antivirus, patch management, etc., and the interest and experience to work on security policy and architecture
· Hands-on experience with the following technologies: enterprise system administration across multiple operating systems, IPS management (i.e., Cisco ASA, Palo Alto, TrendMicro), vulnerability scanning applications, Splunk
· Experience in engineering and enterprise system administration roles.
· Experience developing a standard set of metrics that measure our security posture on a monthly/weekly basis.
· Proven experience developing security policies, procedures, risk registers and incident response plans
· Intermediate to advanced knowledge of information security concepts.
· Experience with one or more applications development languages such as Python, Go, Ruby on Rails, Java, C/C++, .NET.
· Solid knowledge of and experience with secure web architectures, tools and processes
· Knowledge of network architecture and design, network security, wireless security and client/server security. Very strong computer networking skills and understanding of networking protocols.
· Security of virtual machine environments is highly desirable.
· Expert knowledge and hands-on experience of vulnerability assessment/network discovery and associated tools
· Understands infrastructure monitoring
· Expert in securing Linux and Windows systems.
· Experience with various types of firewalls and technologies
· Demonstrated process improvement experience
· Previous application development experience is very helpful for secure code reviews
· Hands-on experience using multiple Amazon Web Services and Azure technologies to support an enterprise environment.
· Prior experience as a team lead or role mentoring junior team members.
· Experience with threat detection and incident management for web applications
Skills & Abilities
· Basic skills needed include:
- Secure solutions development
- Middleware security
- N-tier apps dev infrastructure
- Compliance – PCI, GLB, GLBA, CMMC, GDPR, etc.
- Risk management and security risk assessments
- Code review, reverse engineering
- APIs and protocols
- Authentication and authorization. SSO (Single Sign On), MFA (Multi-Factor Auth.).
· Enterprise aware (change control, downstream impacts, understanding of cause and effect, change windows, etc.)
· Recognized as a strategic thinker and is results oriented
· Demonstrated effective, strong team player and self-motivator. Ability to work and interface internally with IT and other functional support groups with minimal guidance
· Demonstrated successful experience in a customer-facing role
· Demonstrated communicator both written and verbal, with effective presentation delivery and meeting facilitation
· Demonstrated effective time management, organizational and documentation skills
· Good analytical and troubleshooting skills with strong attention to detail