Vacancy expired!
An organization in the API space is actively seeking to expand their cybersecurity presence with the addition of a Senior Security Engineer. This organization is nationally recognized as a thought leader in API innovations. They pride themselves on offering a stellar work-life balance with plans to adopt a hybrid work schedule. The Senior Security Engineer is responsible for ensuring that the organization complies with regulatory requirements, customer contracts, industry best practices, etc. In this position, you will be responsible for protecting the organization's assets, building processes and procedures to reduce risk, and working with multiple teams. Ensure the security of the organization's code and infrastructure, etc. Required Skills & Experience • Over 5 years of experience in technical security functions • High initiative, attention to detail, and the ability to work independently and effectively with minimal supervision • Strong technical skills with experience in configuration and management: network teams (such as routers, switches, etc.), various operating systems, data centers / cloud environments, identity and access management systems, endpoint security, email filters, SIEM, IPS / IDS, firewalls, scanners of vulnerabilities, encryption algorithms, etc. • Must be able to plan, manage, and implement security-related tools and projects on an individual basis, and cooperate with operations and data intelligence teams as needed. • Have experience in planning and managing security risk assessments, such as penetration testing, third party audits of matches, and vulnerability assessments. • The ability to communicate complex issues, vulnerabilities, and security recommendations provides information to other teams, senior managers, external vendors, and more. • Have experience in the analysis of design requirements, infrastructure changes, etc. to identify security weaknesses, risks, and areas for improvement, and to be able to recommend protection measures, risk mitigation, etc. • Ability to develop indicators and various reports to monitor and report on the progress and health of the security plan • Ability to build security solutions and access to web applications, SaaS environments, APIs, cloud environments, endpoints, networks, etc. • Ability to analyze records, data packet capture, malicious files, etc., looking for indicators of dangers, abnormal behavior, or threats, and able to design and implement adequate protection measures • Able to implement controls and regulations from various frameworks such as: HIPAA, NIST, ISO 27001, COBIT, CIS Controls, OWASP Top 10, etc. • Have or understand software development and the software development life cycle What You Will Be Doing Daily Responsibilities • Responsible for the actual configuration and support of a wide range of network and security technologies, such as: IPS / IDS, SIEM, vulnerability scanner, identity and access management, access control, DLP, firewall, point security endpoint, email filtering, and routers • Responsible for working closely together with multiple teams to assess current architecture and security-related processes such as vulnerability management, patch management, endpoint security, environments in the cloud, etc., to find ways to design and implement enhancements • Design and implement security solutions to improve security monitoring and generate alerts Capabilities while minimizing friction in application development. • Develop indicators and various control measures to monitor and report the progress of the security plan and health status • Assist and lead the work of responding to security incidents to collect the required evidence and remedy the incident • Work with multiple teams to monitor and report on health and production status Conduct risk assessment test environments, cloud / data center environments, proposed changes, APIs, networks, applications, etc. to ensure they are free from security vulnerabilities and follow industry best practices and design security controls and protection measures • Manage the organization's vulnerability management and patch management plans, including our bug bounty plan, annual penetration tests, etc. • Configure log collection and analysis tools (SIEM) to monitor network and system problems, and design alerts to notify team of potential problems • Responsible for planning and managing security-related projects • Use multiple sources Information such as Threat Intelligence Reports / Summary, NIST NVD, Vendor Recommendations, etc. to assess potential threats and vulnerabilities, and then make reasonable suggestions for improvement The Offer
- Competitive Salary: Up to $140K/year, DOE
- Medical Insurance & Health Savings Account (HSA)
- 401(k)
- Paid Sick Time Leave
- Pre-tax Commuter Benefit
Vacancy expired!