Job Description
An Exciting Opportunity for ...
The security engineer will assist with formalized information security tools and processes, such as vulnerability management, event monitoring, data loss prevention and incident response and interpreting outputs from such tools.
You will be responsible for detecting and mitigating security vulnerabilities in software/infrastructure design and implementation, analyzing software architecture for uniformity with security policies, as well as implement any new security programs and processes.
A key aspect of this position is collaborating with other cross-functional teams to mitigate open issues, incidents or enhancements to better protect our customers, associates, and owners.
Job Requirements
Any of the following or equivalent certifications: CISSP, Security+, Certified Ethical Hacker
• Bachelor’s degree in Computer Science, Information Technology or similar field, or equivalent experience.
• Specific Information Security related experience including encryption, IDS/IPS, Firewalls, SEIMs and Log Management, syslog analysis, HTTP and TCP/IP analysis, and vulnerability assessment.
• Knowledge of email security gateway, cloud and virtual technologies.
• Bachelor's degree or equivalent combination of education or experience
• 3 – 5 years of experience in a security, network, or infrastructure role focused on information audit or security
• In-depth knowledge of mapping business requirements to technology and ability to identify security gaps at the architecture level.
• Knowledge of common security vulnerabilities such as: XSS/CSRF, SQL Injection, Buffer Overflow, and DoS attacks.
• Knowledge of the HTTP protocol, including analyzing the request/response.
• Demonstrated experience with commercial and open source testing and auditing tools such as Paros, BURP, nmap, and Metasploit.
• Proven ability to clearly document and communicate security findings, risk description, risk level, and recommended solutions to stakeholders.
• Understanding of networking, operating systems such as Linux and Windows.
• Demonstrated knowledge of security industry standards and best practices such as OWASP and NIST.
• Excellent interpersonal, analytical and problem-solving skills.
• GCIA, GNFA, CISSP, CEH, or other relevant certification preferred