Vacancy expired!
Urgent need for a Sr. Security Engineer to start immediately for a Direct Hire position with a leading technology company here in Costa Mesa! Prefer the candidate being in either Costa Mesa, CA or New York, NY). This can be 100% remote! Open to Direct Hire or Pure Contract candidates!
NO C2C or Sponsorship!MUST:- This person will be mentoring the Security Engineer
- Have additional responsibilities compare to the Security Engineer, will be for focusing on Project Efforts
- Recently Experienced working within an Agile Scrum environment, need to come from a regulated Enterprise environment, and the PCI Regulated Enterprise environment/PCI Compliance is HIGHLY Preferred
- MUST have knowledge of SIEM solutions, prefer Splunk Enterprise
- Will be responsible for performing vulnerability management, security scanning, software delivery/SDLC ensuring the applications is developed securely before they move into production (Must have experience in setting up and supporting the security protection during the software development process)
- Cryptographic management and solutions experience with SSL Certificate
- Must have automation/scripting experience, open to any automation/scripting tools such as Batch, Shell scripting, etc.
- Writing security policies, responding to Thread, intrusion Detection
- Able to work and communicate effectively with other groups within the organization
- Coordinating with Patching efforts with other teams, need to have good collaboration skills
- MUST have experience working within the Cloud environment, company is currently moving into GCP environment, GCP cloud experience is highly preferred, but okay with any Azure, AWS hands on cloud experience
- MUST understand the importance of DUO key management, truly understand the Private key and Public Key
- Ensuring the environment is operating and detecting any treads that may come in
- Must have WAF experience, understand the concept behind the Web Application Firewall
- Innovative, looking for someone who can come in with new ideas, help them moving into the cloud environment
- Must have knowledge in Intrusion Detection and File integrity Monitoring tools (SNORT, OSSEC, and ModSEC preferred)
- Absolute must knowledge operating in a MS Windows and Linux Environments
- Ability to make suggestions to improve process, procedure and tools through the Enterprise
- Direct Hands on WAF experience with actual WAF software and not tied to another network product that uses it as an add on module
Preferred:- Cloud migration experience using Automation Terraform Enterprise
Position Summary: The Senior Security Engineer must have extensive experience securing a Payment Card Industry (PCI) environment. This Senior Security Engineer will be responsible for securing the company applications, hardware, software, operating systems, and all other infrastructure systems. This position will facilitate integration with various enterprise IT teams to ensure projects and company initiatives are conducted according to company information security standards. You'll also advise IT staff, risk management stakeholders, managers and staff regarding Information Security policies during IT project initiatives. This Senior Security Engineer will champion Information Security projects including security audits (PCI, SSAE-18, etc.), with a focus on application security, cloud security, automation, risk analysis, vulnerability testing and security reviews on company's infrastructure and systems.This person will be responsible for all aspects of security as it relates to the Enterprise environment. Looking for someone with extensive experience in a PCI Regulated environment who understands the concepts needed to secure the environment, monitor for anomalies and make suggestions to improving process, procedure and tools through the enterprise.Key technical traits: Application and Infrastructure vulnerability testing - Rapid7 InsightVM Company-wide log and event monitoring - Splunk Enterprise Secured Application Access and control - Okta Identitiy Management Real time monitoring and auditing - SNORT, OSSEC Web Application Firewall solutions - ModSec Cryptographic management and solutions - SSL, IPSEC, HSMEssential Job Functions: At least five (5) years of information security operations, information security architecture and security policy management and experience with: Lead role for security compliance efforts and company audits (e.g., PCIDSS, SSAE-18). Product release vulnerability and gap assessments per product release to support the company SDLC practices in addition to company security policies. Corporate wide vulnerability and gap assessments in order to create appropriate recommendations which result and ensure adequate levels of service and security. Implementing, configuring and administering SIEM products to ensure proper visibility into the environment and compliance requirements. Responsible for incident response escalation and process management. Developing and delivering information security training materials and performing annual security awareness including software development specific security trainings. Evaluate and recommend new and emerging security products and technologies by identifying and coordinating implementation of other security program elements such as patch policy, disaster recovery, fraud prevention and security incident response. Strong understanding of web-based applications and ability to troubleshoot load balanced, multi-tier application and container environment. Experience with cloud deployments (AWS, Azure, Oracle Cloud, and general IaaS, SaaS, PaaS deployments) with a focus on security Knowledgeable in Postman, Ansible, Python or other scripting languages for system automation.Position Requirements: Bachelor of Science in Engineering or Computer Science (or equivalent) is required Be passionate about securing systems in a dynamic environment Ability to interface with all levels of employees up to executive level Ability to work both independently with little supervision and in a team environment Must be articulate and communicate effectively, both in written and oral formats Exercise troubleshooting and problem-solving skills Excellent attention to detail and organization skills Ability to maintain and meet schedulesWe are an equal opportunity employer and make hiring decisions based on merit. Recruitment, hiring, training, and job assignments are made without regard to race, color, national origin, age, ancestry, religion, sex, sexual orientation, gender identity, gender expression, marital status, disability, or any other protected classification. We consider all qualified applicants, including those with criminal histories, in a manner consistent with state and local laws, including the City of Los Angeles' Fair Chance Initiative for Hiring Ordinance. Vacancy expired!
