A strong multi-tasker with a keen eye for detail, a successful Information Security Engineer can think one step ahead of criminals. They are well organized and thrive in fast-paced, high-stress scenarios. In addition to these general skills and personality traits, ZeroDay Partners is seeking Information Security Engineer candidates with the following skills to be considered for incoming opportunities:
Potential Responsibilities: The following is a list of skills that the ideal candidate will have experience in. Depending on the specific role within the team, the responsibilities may vary from the list below.
- Apply security policies to applications that interface with one another, such as Business-to-Business (B2B) applications.
- Apply security policies to meet security objectives of the system.
- Apply service oriented security architecture principles to meet organization's confidentiality, integrity, and availability requirements.
- Ensure all systems security operations and maintenance activities are properly documented and updated as necessary.
- Ensure application of security patches for commercial products integrated into system design meet the timelines dictated by the management authority for the intended operational environment.
- Ensure cybersecurity-enabled products or other compensating security control technologies reduce identified risk to an acceptable level for Cloud (PaaS and/or SaaS) solutions
- Implement specific cybersecurity countermeasures for systems and/or applications.
- Integrate automated capabilities for updating or patching system software where practical and develop processes and procedures for manual updating and patching of system software based on current and projected patch timeline requirements for the operational environment of the system.assessment tools, technologies and methods
- Perform security reviews, identify gaps in security architecture, and develop a security riskmanagement plan.
- Plan and recommend modifications or adjustments based on exercise results or system environment.
- Properly document all systems security implementation, operations and maintenance activities and update as necessary.
- Provide input on security requirements to be included in statements of work and other appropriate procurement documents.
- Verify and update security documentation reflecting the application/system security design features.
- Assess the effectiveness of security controls.
- Analyze and report organizational and system security posture trends.
- Assess adequate access controls based on principles of least privilege and need-to-know.
- Implement security measures to resolve vulnerabilities, mitigate risks and recommend security changes to system or system components as needed.
- Implement system security measures in accordance with established procedures to ensure confidentiality, integrity, availability, authentication, and non-repudiation.
- Mitigate/correct security deficiencies identified during security/certification testing and/or recommend risk acceptance for the appropriate senior leader or authorized representative.
- Verify minimum security requirements are in place for all applications.
- Provides cybersecurity recommendations to leadership based on significant threats and vulnerabilities.
- Knowledge of information technology (IT) supply chain security and risk management policies, requirements, and procedures.
- Knowledge of general attack stages (e.g., foot printing and scanning, enumeration, gaining access, escalation or privileges, maintaining access, network exploitation, covering tracks).
- Knowledge of Cloud-based technologies and concepts related to security, governance, procurement, and administration.
- Knowledge of firewall concepts and functions.
- Knowledge of basic system, network, and OS hardening techniques.
- Knowledge of organizational training and education policies, processes, and procedures.
- Knowledge of emerging technologies that have potential for exploitation by adversaries.
- Perform cybersecurity testing of developed applications and/or systems.
- Knowledge of internal tactics to anticipate and/or emulate threat capabilities and actions.
- Knowledge of Internet and routing protocols.
- Completion of a Bachelor’s degree or equivalent program in Cyber Security, Computer Science, Computer Engineering, Electrical Engineering, Network Security, Information Security, Information Technology, or Mathematics (or equivalent work experience)
- 1+ years of experience as a cyber security analyst or related role.
- Certifications preferred but not required.