Seeking a Senior IT Security Engineer to join our growing IT team.
This role requires strong domain knowledge of IT and application security, vulnerabilities, and exploits (practical and theoretical).
This role also requires the ability to work and collaborate with different groups and contribute to the portfolio of security services from strategy, planning, delivery, integration, management, and delivery.
- Assist the Engineering organization by developing, recommending, evaluating, integrating, deploying, and enforcing security tools including static, binary, and dynamic analyzers, fuzzy logic, security frameworks, etc.
- Implement tooling and integration for various business units in alignment with our strategy.
- Drive the adoption of internal security practices.
- Evaluate software security products and technologies.
- Provide information security consulting services to internal development groups
- Work with other technologist to provide technical expertise on application security matters.
- Participate in the development, review and update of application security standards.
- Assist the various internal groups perform code review and drive/track remediation of issues discovered.
- Maintain knowledge of security and privacy laws, industry best practices, changes in technology, and advice/prepare on the impact.
- Assist in defining security configurations for threat detection and prevention tools.
- Designs automated workflows to streamline security operations.
- Researches, analyzes, and formulates recommendations regarding technologies, products, and solutions to fulfill requirements within the enterprise.
- Security tool administration and support (Network/Endpoint/Threat Hunting/Investigations).
- Designs, implements, configures, and manages solutions within the supported Linux, Mac, and PC technologies, products, and services.
- Assist with version/patch management, and lifecycle management of systems.
Must Have Skillsets:
- 5+ years of experience in an IT security position.
- 5+ years of experience in systems and network administration.
- 3+ years of experience with Cloud computing.
- 3+ years of experience with security frameworks, APIs, libraries, etc.
- Experience with using, tuning, and rolling out security tools like Fortify, AppScan, NESSUS, Metasploit etc.
- Proficiency in flavors of Linux, Mac, and Windows operating systems.
- Intimate knowledge of Cloud, Public Cloud security best practices and monitoring of systems and services hosted in the cloud (IaaS, SaaS etc.).
- Knowledge or experience with virtualization including containers (kubernetes, dockers) will be a plus.
- Must be well organized and able to leverage best practices, able to thrive in fast-paced environment, and most importantly, have the ability to approach problems with an innovative, can-do attitude.
- Manage maintenance, enhancements and upgrades for supported security systems using standard project methodology.
- Knowledge of system and network architecture and interrelationships (technical and functional).
- Scripting knowledge is a plus (python, shell, PowerShell).
- Preference for at least one current recognized security professional certification such as CISSP, GIAC.
- Experience in working in highly dynamic large-scale enterprises.
- Knowledge of security vendors and security product capabilities.
- Experience in configuration management (Salt, Puppet etc.), automation and orchestration will be a plus.
- Bachelor’s Degree preferred but not mandatory.
- Demonstrates the ability to analyze and resolve issues independently.
Location: Santa Clara, Ca
Type: Full Time
Cyber / Information Security Engineer / Analyst