Senior Security Engineer
- Washington, DC
Immediate need for a hands-on Information Senior Security Specialist to help align systems to our global InfoSec standards. This position requires an experienced cloud engineer who can interact with global InfoSec leads, understand global security standards and then work directly with our development and infrastructure teams to implement these standards. You will be expected to be hands-on and should be comfortable working on AWS directly to configure platform services.
- Understand and audit existing IT systems to ensure they adhere to various InfoSec standards including the Payment Card Industry Data Security Standard (PCI DSS), the NIST Cybersecurity Framework and ISO 27001 Standards.
- Design, implement, and monitor security measures for the protection of web sites, cloud networks and information privacy.
- Identify, define & implement system security requirements for cloud applications.
- Work with development teams and infrastructure teams to incorporate tools and best practices to ensure cloud-based IT systems are secure and compliant.
- Schedule system patching and record patch history across our entire environment to meet auditing requirements.
- Set up and configure new platform services on cloud environments.
- Minimum 5 years working across organizations to develop and implement security standards across organizations to develop and implement security standards
- Minimum 5 years working with operations and development leads to understand organizational security requirements and how they would impact production systems
- Minimum 2 years working in a system engineering or DevOps capacity in any cloud-based environment (e.g. AWS, Azure, GCP)
- Experience writing security standards and related documentation including Risk Assessments and Risk Mitigation plans
- A solid understanding of networking, network security, encryption and routing from a security perspective.
- Experience with implementation, administration, and troubleshooting of Windows Server and Linux systems, including patch management and server hardening
- Experience with log file analysis, vulnerability scanning and monitoring tools
- Excellent written and oral communications skills
Nice to Haves
- Experience working in a global organization and working with remote teams to understand security requirements
- Direct hands on experience with AWS and platform services such as ELB, EC2, SQS, RDS
- Direct hands on experience with New Relic and/or Splunk
- Experience working with distributed cloud based systems operating at scale
- Experience working in the Financial industry and understanding financial systems security best practices
- Experience with various web application frameworks such as .NET, Java or PHP
Monday, June 11, 2018