Job Description :
Responsibilities:
Assist the Engineering organization by developing, recommending, evaluating, integrating, deploying, and enforcing security tools including static, binary, and dynamic analyzers, fuzzy logic, security frameworks, etc.
Implement tooling and integration for various business units in alignment with our strategy.
Drive the adoption of internal security practices.
Evaluate software security products and technologies.
Provide information security consulting services to internal development groups
Work with other technologist to provide technical expertise on application security matters.
Participate in the development, review and update of application security standards.
Assist the various internal groups perform code review and drive/track remediation of issues discovered.
Maintain knowledge of security and privacy laws, industry best practices, changes in technology, and advice/prepare on the impact.
Assist in defining security configurations for threat detection and prevention tools.
Designs automated workflows to streamline security operations.
Researches, analyzes, and formulates recommendations regarding technologies, products, and solutions to fulfill requirements within the enterprise.
Security tool administration and support (Network/Endpoint/Threat Hunting/Investigations
Designs, implements, configures, and manages solutions within the supported Linux, Mac, and PC technologies, products, and services.
Assist with version/patch management, and lifecycle management of systems.
In summary, we need you to make it very hard for us to make security mistakes!
Required Experience:
5+ years of experience in an IT security position.
5+ years of experience in systems and network administration.
3+ years of experience with Cloud computing.
3+ years of experience with security frameworks, APIs, libraries, etc.
Experience with using, tuning, and rolling out security tools like Fortify, AppScan, NESSUS, Metasploit etc.
Proficiency in flavors of Linux, Mac, and Windows operating systems.
Intimate knowledge of Cloud, Public Cloud security best practices and monitoring of systems and services hosted in the cloud (IaaS, SaaS etc.
Knowledge or experience with virtualization including containers (kubernetes, dockers) will be a plus.
Must be well organized and able to leverage best practices, able to thrive in fast-paced environment, and most importantly, have the ability to approach problems with an innovative, can-do attitude.
Demonstrates the ability to analyze and resolve issues independently.
Manage maintenance, enhancements and upgrades for supported security systems using standard project methodology.
Knowledge of system and network architecture and interrelationships (technical and functional
Scripting knowledge is a plus (python, shell, PowerShell
Bachelor’s Degree preferred but not mandatory.
Preference for at least one current recognized security professional certification such as CISSP, GIAC.
Experience in working in highly dynamic large-scale enterprises.
Knowledge of security vendors and security product capabilities.
Experience in configuration management (Salt, Puppet etc, automation and orchestration will be a plus.