Senior Information Security Engineer

• Ensures security infrastructure processes, concepts, and maintenance are incorporated into systems, software, and hardware platforms in accordance with approved internal standards.
• Provides technical input to projects along with implementation support to network services and infrastructure design teams.
• Performs maintenance of security infrastructure to include updates and patching of software and hardware.
• Maintains a comprehensive and in depth, component level understanding of all IT systems, data flows, applications, technologies, security controls, threats, weaknesses and countermeasures.
• Maintains a corresponding understanding of standards (i.e., Payment Card Industry, Card Association, and Data Protection).
• Supports information security governance, risk management and compliance programs which include security assessments and on-site reviews, security gap remediation, security incident support, audit support functions, business process and project consultancy and security education and awareness.
• Member of the incident response team to include detecting, responding and containing internal and external cyber-attacks across the enterprise and complex security and internal fraud investigations. Ensures activities are recorded for post mortems, compliance and/or legal evidence.
• Designs and develops secure IT solutions and control frameworks using network segmentation, gateway security, specialist security tools (including but not limited to, event monitoring, data loss, vulnerability and malware protection, app firewall).
• Researches, evaluates and recommends information security hardware and software, and creates business cases for security investments.
• Stay abreast of new threat trends, vulnerabilities, and attack and defense methodologies
• Participates in an 24×7 on-call rotation
• Other duties as assigned.

Minimum Qualifications

• Bachelor’s Degree
• Relevant Experience or Degree in: Computer Science, Information Technology or related field and/or the equivalent of training and experience
• Typically a minimum of 4 years relevant experience
• Written code to automate security related tasks (Python/Powershell/Ruby/Bash/etc)
• Experience with cloud technologies: AWS, Azure, Google Compute Engine
• Experience with securing and hardening Windows, Linux, macOS
• Experience with networking protocols and technologies: TCP/IP, routers, firewalls, VPN, load balancers
• Experience with on premise and cloud based security technologies: end point protection, hardware security modules, sandboxes, SIEM, web application firewall, intrusion detection systems, intrusion prevention systems, web proxies, wireless intrusion prevention systems, and file integrity monitoring.

Preferred Qualifications

• Bachelor’s Degree
• Computer Science, Information Technology or related field and/or the equivalent of training and experience
• Involvement in the security community: contribution to open source projects, speaking at conferences, competing in CTFs, etc.
• Experience with securing cloud technologies AWS, Azure, Google Compute Engine
• Programming experience in Python, C/C++, Java, .Net, Powershell, Ruby, or Go
• Certification from SANS/GIAC, Offensive Security, ISC2, and other security industry organizations