Senior Security Engineer- Vulnerability (No C2C)

SUMMARY OF POSITION

The Senior Security Engineer will design, install, configure, and maintain a set of security tools and serve as the Subject Matter Expertise (SME) for those security tools. The Senior Security Engineer will be focused on Application security and ensures that all applications and services are secured, implemented with security best practices, and build monitoring capabilities. The person will collaborate with other IT teams in building secure applications and services.

PRINCIPAL RESPONSIBILITIES

• Conduct system security, vulnerability analyses, and risk assessments; identify integration issues.

• Use technical knowledge of current attacks to identify flaws and weaknesses in the composition and design of networks, remote access schemes, systems, and applications to specify solutions, verify the solutions that have been implemented, and rapidly adjust designs based on new threat and attack information as acquired.

• Provide subject matter expertise on vulnerability risk, remediation, and mitigating actions; partner with System Engineers, Application Development teams, and Architects in remediating the vulnerabilities.

• Provide engineering support, troubleshooting, and evaluation of preventative and detective security technologies such as:

o Malware detection, web/email content filtering, file integrity monitoring, and vulnerability management.

• Maintain security posture by monitoring and ensuring IT Security compliance to standards, policies, and procedures.

• Generate and document operational processes, procedures, and incident response plans where necessary.

PRINCIPAL JOB REQUIREMENTS

• Minimum 6 years of experience in working with Vulnerability Management technologies.

• Minimum 6 years of experience in assisting with Enterprise Vulnerability Management Program.

• Ability to identify known vulnerabilities and configuration baseline standard deviations in the environment by operating the vulnerability management platform.

• Experience with performing risk assessment of vulnerabilities by correlating asset/vulnerability data from various sources.

• Advanced knowledge of malware, emerging threats, attacks, and vulnerability management.

• Experience designing, deploying, configuring, supporting, troubleshooting, debugging, and administering Cyber Security Products (Vulnerability Management tools, File Integrity Monitor, Web Proxy, Intrusion Detection Systems/Intrusion Prevention Systems, etc.).

• Thorough understanding of network protocols such as TCP/IP and web protocols (HTTP/HTTPS).

• Working knowledge of change management technologies.

• Fundamental knowledge of different operating systems (LINUX, Windows, etc.).

• Ability to initiate and complete assignments accurately and on time, with minimal supervision.

• Ability to work effectively with vendor technical support channels.

• Working knowledge of data security controls, protocols, and methods.

• Strong written and oral communication skills.

• Ability to effectively lead and influence others without direct managerial authority within an inclusive work environment, using collaboration, coordination, and self-motivation.

• Ability to listen and integrate ideas from diverse groups of individuals, build and maintain respectful relationships, collaborate with others, and resolve conflicts constructively.

• Bachelor’s degree in related field preferred.

• Experience supporting IT service delivery in a highly-regulated and audited environment preferred.

• Proof of eligibility to work in the United States.