Job Description :
Position : Sr. Engineer, Enterprise Information Security
Location: Bellevue, WA
Duration: Long term (contract)

Job Description :

QUALIFICATIONS
5+ years of IT infrastructure proficiency and experience that could include one or more of: Encryption, Tokenization, Forensics/eDiscovery, Penetration Testing, Firewalls (OS, WAF), Proxies, Gateways, Routers, VPN, Application Security SAST/DAST, etc
5+ years information security experience preferred
Proven ability to assess and influence capital project design and delivery decisions
Proven ability to assess, recommend, deploy and integrate Information Security tools
Foundational understanding of several enterprise environment technologies
Working knowledge and experience in multiple ISC2 security domains
Familiarity with current legal and regulatory requirements around information security and privacy, including PCI, SOX, HIPAA, GLBA, etc
Ethical Penetration Testing experience preferred
CISSP Preferred


SR. SECURITY ENGINEER SKILLS & RESPONSIBILITIES
Act as a trusted technical advisor with key security stakeholders at all levels of the organization for a variety of information security projects that arise from current business and technological developments
Hands-on experience supporting network, operating system, database, application & data layers across multiple platforms and technologies
Ability to assess risks and provide innovative countermeasures and solutions that appropriately balance security and business requirements
Ability to step into an uncontrolled space and bring security structure
Provide guidance to security analysts, PMs, business partners and IT leadership when new projects are introduced to the business or new risks are identified

SECURITY DESIGN ASSESSOR
Ability to consult internally with Sr. Engineers (Application, Network, DevOps) to apply security principles and best practices that meet business objectives
Experience controlling the threat surface area, identifying attack vectors, vulnerabilities and establishing appropriate controls. Can build a threat model
Evaluation & assessment of compliance to a regulation, law or policy using industry standard methodologies (ISO27001, COBIT, NIST, etc in an enterprise environment

INTERNAL TOOLS
Evaluate, recommend, and implement commercial hardware and software security products to augment and enhance the Company enterprise security program
Hands-on experience installing, configuring, and supporting security related hardware and software such as Certificate Management, Remote Connection, Network Protection, Data Loss Prevention, File Integrity Monitoring, Security Auditing & Logging, and Vulnerability Management
Ability to learn a new technology and drive it from ideation through deployment and integration to fully automated and operationalized
Ability to automate basic integration, data collection, scripting and reporting tasks via secure coding standards

TEAMMATE
Ability to work on multiple tasks simultaneously, set priorities, communicate delivery expectations, and meet deadlines
Innovative, collaborative and able to solve problems independently
Able to work within the team to build measurable, repeatable processes
Strong verbal and written communication skills