Job Description :
Our Fortune 10 client is looking for a Security Engineer to fill a long term project.
This Role is not to be confused with Security Administrators whose responsibilities are SIEM and scanning and remediations. This is more of hands on role. Please go through the requirements before applying.
PRINCIPAL DUTIES AND RESPONSIBILITIES
Work cross-functionally to ensure security and compliance of DevOps processes and methodology
Ensure a clear security baseline on infrastructure and that environmental commissioning practices meet security standards
Design and implement security landing zone along with R&D and Platform Engineering teams
Generate security KPIs, alerts, procedures, and reporting to ensure appropriate security controls are in place in the environment
Utilize the appropriate mixture of existing Security Operations tools, security services, third-party applications, and as needed develop security automation and methodologies to help us meet our goals
Work closely with and guide the Platform Engineering team to be the onsite eyes and ears.
Ensure the security of customer data and service availability for a 24/7 mission-critical service line.
You will be working with architects, engineers and site reliability engineers across the entire organization to secure our infrastructure, harden our clients, servers and networks against abuse.
Strong understanding of security best practices
Strong understanding of security frameworks such as ISO/IEC 27001, NIST 800-53 or OWASP
Act as a domain expert and consultant for systems, network and infrastructure security
Conduct detailed security risk assessments on internal and client facing services and infrastructure
Define security best practices, security policies and lead all security implementation initiatives
Proactively identify information security risks and develop solutions to mitigate security risks
Evaluate and recommend new and emerging security products and technologies
KNOWLEDGE & SKILLS
Clear understanding and your own ideas of what works best for securing and running scalable and highly available applications. Experience with cloud automation tools such as Ansible, Puppet, Chef, terraform, etc.
Experience with securing environments utilizing continuous development tools such as GitHub, Artifactory, Jenkins
Experience with securing cloud technologies
Experience with securing containers and related container mechanisms such as Docker and Kubernetes
Experience securing cloud storage containers and developing related security controls
Experience gathering security logs.
Scripting/coding skills (e.g., Ruby, Python)
Working knowledge of code pipeline tools is advantageous
In-depth knowledge of one or more security frameworks including NIST, CSA, SOC2, etc.
Experience working with sensitive customer data and critical operational services
Working knowledge of Linux, Windows, virtualization stacks, databases, storage and networking devices
Demonstrable knowledge of TCP/IP, HTTP, web application security, and experience supporting multi-tier web application architectures
Problem solving skills and ability to work in a rapid paced, customer facing, 24/7 production environment
Proven successful project management skills and technical leadership
Excellent written and verbal communication and documentation skills
Ability to work within a global team and strong work ethic, self-starter