General

Information Security Engineer

Responsibilities

  • Drive cloud/container security improvements
  • Review existing vulnerability management program, identify areas for improvement and implement changes
  • Perform application security assessments and create action plan for improvement
  • Review and recommend network security improvements (network segmentation, Web Application Firewall, etc.)
  • Engage in our vendor risk management program
  • Implement and/or enhance security controls of CI/CD pipelines
  • Meet with product owners, development teams, and affiliated parties to review your assessment results and consult on remediation options.
  • Meet with stakeholders to track vulnerabilities and then perform retests as needed
  • Lead activity to investigate and mitigate security incidents
  • Mentor and evangelize security practices through cross functional work with technical and non-technical teams throughout the organization
  • Assess security tools capability, performance, and effectiveness
  • Stay informed of attack trends, zero-day vulnerabilities, methodologies, and risks within the cyber security realm

Qualifications

  • Minimum of 5 years of experience with demonstrated success in improving cybersecurity posture
  • Experience researching, building and implementing defensive security systems that are used against internal and external attack vectors
  • Several years of experience developing or testing web applications, preferably e-commerce or business applications that face the Internet.
  • Experience performing application security testing using manual techniques plus runtime vulnerability testing tools and/or code review tools
  • Knowledge of common protocols and how each works
  • Development and/or testing experience of PHP, Java and/or .NET applications
  • Ability to research, analyze, prioritize, problem solve, and work several tasks concurrently with minimal supervision
  • Ability to communicate clearly, both orally and in writing, and produce high quality written products
  • Strong work ethic and commitment to accomplish assigned tasks
  • Experience with cyber security policies and industry best practices (e.g. NIST SP 800 series, PCI DSS, NIST cyber security framework, HITRUST, CIS, DISA STIG)

Soft Skills

  • Honesty and integrity
  • Excellent written and verbal communication skills
  • Willingness to do hands-on, highly technical work
  • Strong focus on working as a team with all parties involved
  • Desire to research and learn new technologies, security tools, and software as well as the flexibility to adjust as new situations arise.
  • Familiar with ticketing systems, such as JIRA