Information Security Engineer
This role requires someone who is outgoing, has excellent communication skills, enjoys working as part of a team, can successfully multi-task, and thrives on being successful in high-stress environments. Successful candidates will have strong interpersonal skills, a confident presence, adept logical troubleshooting, testing experience, task management skills, and root cause analysis abilities.
We are looking for an Information Security Engineer to maintain a high level of professionalism and customer service skills. You will be trusted with some of the company's most confidential information, which means will we expect you to conduct yourself with an extremely high degree of ethics.
- Working with other team members to develop, promote, and implement strategies to balance security recommendations with business needs.
- Defining security policies, standards, guidelines, and procedures to ensure ongoing security maintenance.
- Staying abreast of industry best practices in risk management techniques and integrating new methods and tools.
- Providing in-depth support for information security incidents (internal violations, hacker attacks, viruses, system outages, etc.) and assisting with investigation of security breaches, policy violations, and other incidents.
- Monitoring vendor and third party security reports/lists and proactively patching vulnerabilities.
- Follow-up on remediation of vulnerabilities with internal departments and development teams.
- Maintain email-based end-user security awareness training program.
- Create and modify policy documentation as needed.
- Assist with internal/external audits of business units and third-party vendor security infrastructure.
- 3+ years of experience with writing testing assessment reports.
- Familiarity with software attack and exploitation techniques.
- Experience performing web application penetration testing.
- 3+ years of experience with common penetration/vulnerability testing tools, including Metasploit, Nessus, OpenVAS, nmap, Kali, Backtrack, and BurpSuite.
- Must have a strong networking background such as TCP/IP and or OSI layer.
- Knowledgeable of the OWASP top 10.
- Certifications such as CISSP, CEH, SANS is a plus.
- Extensive experience in assessing Windows, Mac, and Linux.
- Ability to write extendable scripting.