Senior Security Engineer
DESCRIPTION
The Senior Security Engineer’s role is to serve as a security expert in network and/or platform (operating system) efforts, application development, database design, helping project teams comply with enterprise and IT security policies, industry regulations, contractual obligations, SOX, and security best practices. This is achieved by planning, designing, and developing security best practices then implementing. The candidate has used Juniper Security Analytics and QRadar, and has a keen knowledge of SIEM The Engineer will monitor all activity, kicks off alerts and notifies IT support team.
In addition, the Senior Security Engineer will participate with the installation, monitoring, maintenance, support, and optimization of all security hardware, software, and communication links. This individual will also analyze and resolve security related problems in a timely and accurate fashion, and provide end-user training where required.
REQUIREMENTS
- Analyzes business impact and exposure, based on emerging security threats, vulnerabilities and risks.
- Researches, evaluates recommends, and implements information-security-related hardware and software, including developing business cases for security investments.
- Contributes to the development and maintenance of the information security strategy.
- Create security standards for firewalls, wireless access, other network devices, servers, systems, applications, and databases.
- Researches, designs and advocates new technologies, architectures, and security products that will support security requirements for the enterprise and its customers, business partners and vendors.
- Communicates security risks and solutions to business partners and IT staff.
- Monitor security risk and troubleshoot problem areas as needed.
- Installation, configuration, maintenance, and troubleshooting of security software and equipment
Assists in the coordination and completion of information security operations documentation. - Reports to management concerning residual risk, vulnerabilities and other security exposures, including misuse of information assets and noncompliance.
- Advises security administrators on normal and exception-based processing of security authorization requests.
- Penetration testing and vulnerability assessments: performs control and vulnerability assessments to identify control weaknesses and assess the effectiveness of existing controls, and recommends remedial action.
- Responsible for the execution of risk assessment activities, analyzing theresults of audits (performed by other groups) to produce recommendations of acceptable risk and risk mitigation strategies.
KNOWLEDGE & EXPERIENCE
- Bachelor’s degree in computer science or electrical engineering and/or 1-5 years’ equivalent work experience.
- Scripting- Powershell scripting is ideal but open to different languages (e.g., BASH/PEARL).
- Certifications: CISSP, CISM, CISO, not required, but a plus
- Strong knowledge of network security
- Firewalls – Juniper / Cisco / Checkpoint (familiarity with one, Juniper is used onsite)
- VPN & remote access
- Strong knowledge of application and database security
- The role of security within the SDLC
- Database encryption
- Application vulnerability discovery/assesment
- Strong working knowledge of authentication and access control
- Federated authentication. e.g. ADFS, SSO, SAML, OpenID
- Active Directory security groups
- Application roles
- Strong working knowledge of operations and security monitoring tools
- SEIM: Juniper STRM
- Vulnerability assessment
- Orion Solarwinds
- Antivirus
- Strong troubleshooting skills
The following would be a definite plus
- Experience in a large infrastructure or security implementation. i.e. multiple sites throughout a geographically dispersed area
- Experience in a multi-datacenter environment
- Understanding of application development
PERSONAL ATTRIBUTES
- Highly self-motivated and directed; takes initiative.
- Strong written and oral communication skills.
- Keen attention to detail.
- Proven analytical and problem-solving abilities.
- Ability to work both independently and in a team-oriented, collaborative
- Willingness to learn and grow.
