Thesys Technologies is looking for a team player who can work in a dynamic trading technologies company. We are looking for a Senior Information Security Engineer with a focus on cloud security.
- Design, build and maintain the systems that keep Thesys Technologies and its customers secure.
- Automate security process to reduce as much manual process as possible
- Develop tools to test, monitor and enforce security polices for endpoints, servers, network and cloud environments
- Demonstrate the effectiveness and coverage of these systems
- Own and improve cloud security and monitoring
- Draft, review and review policies and procedures according to regulations, including Regulation SCI, FedRAMP and NIST
- Directly engage with developers, net ops and dev ops to captures control implementation details in order to document adherence to security policies
- Interact with Linux, Unix and macOS operating systems for monitoring and compliance
- Perform risk assessments, threat modeling, information gathering, and other activities as needed
- Experience as a Security Engineer and delivering engineering projects
- Experience administering and securing AWS, Azure, Linux, macOS and other Unix variants
- Proficiency in at least one programming language (e.g. Python, Node, Go..)
- Familiarity with Tenable, Nessus and Fortify
- Experience with log collection and storage (eg: ELK/EFK stacks..)
- Experience with Configuration enforcement tools (eg: Ansible, Puppet, JAMF, Centrify)
- Understanding of LDAPs and other directory services technologies
- Strong written and verbal communication skills
- 6+ years of relevant experience with a Bachelor’s degrees in Computer Science, Information Assurance, Information Technology, or other related field, or 10+ years of relevant work experience
- Experience with Certificate Authorities, Key Management Systems and Encryption
- Experience running a vulnerability management program
- You write readable, maintainable code and have experience managing source code with git
- Industry certifications including; SANS certificates, CISSP, CISM, Security+ and Operating System certificates.