About the role:
Sr. Security Engineer plays a key role in completing our mission every day by ensuring that we deploy new infrastructure and technologies in a safe and secure manner. Reporting directly to Director of Information Security, the Senior Engineer takes charge of the selection and deployment of world-class cyber security tools. The Senior Engineer also acts as the chief evangelist for cyber security throughout Information Technology, consulting with the applications development and infrastructure teams on secure systems and applications design.
What you will do:
- Procure and implement new cyber security technology - Ensuring that technologies are procured within budget and delivered to the company in a timely manner.
- Consult with colleagues throughout Information Technology - Ensure that new applications and infrastructure are secure from the project initiation phase.
- Vulnerability Management & Penetration Testing - Strong knowledge of network and web application exploitation, ethical hacking, penetration testing, computer forensics and tool development. Configures, schedules, manages and reviews internal and external network and application vulnerability scans and penetration tests. Monitors and reviews industry related vulnerabilities reviewing findings with appropriate teams, creating remediation plans and tracks and reports on progress
- Secure Development - Build strong relationships and be deeply embedded within product management and software engineering team. The Senior Security Engineer will drive the design and adoption of secure software development lifecycle practices across the areas of secure architecture and design, secure coding, security testing, and secure software release management.
- Cloud Security - Build a secure cloud environment and help drive the adoption of secure coding and deployment practices in AWS.
- Incident & Cyber Threat Management - Works with the appropriate teams to ensure all appropriate data is aggregated into the logging and monitoring tool and that the appropriate reports are produced and reviewed.
- Infrastructure Security - Works closely with the Infrastructure and Application Development teams to ensure proper configurations are implemented and tested on WAF, FW, IDS/IPS and platform
- Patch Management and End-Point Protection - Reviews all patches and updates released related to the operating systems used. This includes but is not limited to standard operating systems, hardware bios and firmware, appliances and any other mission critical systems or services. Plan and coordinate routine and emergency outage windows through coordination with Information technology and business units and communications to co-workers and consultants.
- Training & Awareness - Assist with the development of security awareness programs and the associated training
- Data preparation and gathering for audits - Works closely with infrastructure and engineering team in technology to gather information and the appropriate business units to compile all documentation and reporting as required.
Skills you will need:
Technology you will use:
WAF, Static Code analysis, Qualys, Whitehat, AWS, Internet Secure Gateway, Checkmarx, DLP