The Security Engineer implements, runs and maintains various security tooling in our security team. The Security Engineer is a subject matter expert in one or more security tools. The Security Engineer interacts with other teams to enable integration and implementation of the tool, as needed. The Security Engineer documents architectures and processes related to the tooling, and keeps them current.
- The main focus of the position is running security tools, but a strong knowledge of cloud systems, on-prem systems and networking is required, at least at a conceptual level.
- Assist in the review, monitoring and/or auditing of applicable daily security log activity and events; take action as necessary and escalate to senior staff if required. Logs could include, but are not limited to, the following:
  - Vulnerability scans – Kubernetes/containers
  - Vulnerability scans – database
  - Vulnerability scans – PCI ASV
  - Active Directory changes
  - User activity
  - NetFlow analytics
  - Firewall and ACL changes
  - DAST scan results (e.g. Acunetix, Burp Suite, Nessus, etc.)
  - Group Policy changes
  - Cloud security tooling
- Where needed, update or create documentation for security tools, such as SOPs and architecture documentation.
- Support our compliance programs (such as PCI) by helping implement and document controls and by examining evidence for compliance with standards.
- Conduct risk assessments in accordance with policies and standards; document findings and work with business units to remediate them.
- This position may require on-call activities during off-hours.
Knowledge, Skills and Abilities:
- Possess an understanding of PCI DSS compliance and EU GDPR requirements.
- Strong knowledge of multiple security tools for both cloud and on-prem scenarios.
- Good knowledge of AWS (Amazon Web Services), GCP (Google Cloud Platform), Azure, or other cloud platforms and related technologies is strongly desired.
- Provide support for strategic business process/reengineering consulting as appropriate and work on multiple technically complex high profile projects.
- Demonstrate an understanding of key IT operational policies, processes and methodologies applicable to governance, risk management and compliance.
- Demonstrable experience integrating various security tools with Splunk or other SIEMs is a plus.
- General understanding of security fundamentals (cryptography, least privilege, segregation of duties,…) and general security technologies, including operating systems, network security (firewalls, VPNs, etc.), security event management, business continuity, identity management, directory services, etc.
- Knowledge of Active Directory, DDNS, Group Policy (GPO), Microsoft Windows Server and Desktop operating systems, Linux, …
- Strong work ethic, including consistent documentation
- Ability to work in a fast-paced, rapidly changing environment and a strong desire to learn.
Generally requires experience in the following:
- 3-5 years' experience in information systems as a system administrator or engineer, cloud administrator, network administrator or security engineer, with at least two of those years in a role with direct information security duties.
- Experience with cloud, systems, and network security
- Experience with containers (Docker, Kubernetes, …) strongly desired
- Experience with various tooling in the Information Security space
- Experience working with Splunk or other SIEM tools
- Knowledge of IT/Information Security Audit and assessment.
- Knowledge of PCI DSS and EU GDPR
- Experience researching, analyzing and recommending information security solutions.
- A working knowledge of information security practices and concepts including intrusion detection/prevention, access controls, risk analysis, vulnerability scanning, and data encryption.
- Strong organizational skills and excellent written, verbal and interpersonal communication skills are needed to work effectively with a wide variety of staff, outside consultants and vendors.
- Bachelor’s Degree in Information Technology, Information Security, Computer Science, or related field required.
- Advanced industry certification strongly desired, e.g. SANS GIAC, CompTIA Security+, CISSP, CISM, Certified Cloud Security Professional (CCSP)