Urgent need for a Sr. Security Engineer to start immediately for a Direct Hire position with a leading technology company here in Costa Mesa! We prefer that this individual be located in Costa Mesa or New York City. (If you are in NY, you will have to be on site 3 days a week starting day one; if you are in Costa Mesa, you will eventually need to be on site 3 days a week.) NO C2C or Sponsorship!
* This person will be mentoring the Security Engineer
* Will have additional responsibilities compared to the Security Engineer and will be focusing on Project Efforts
* Recent experience working within an Agile Scrum environment; needs to come from a regulated Enterprise environment, and a PCI Regulated Enterprise environment/PCI Compliance is HIGHLY Preferred
* MUST have knowledge of SIEM solutions, prefer Splunk Enterprise
* Will be responsible for performing vulnerability management, security scanning, and software delivery/SDLC, ensuring the applications are developed securely before they move into production (Must have experience in setting up and supporting the security protection during the software development process)
* Cryptographic management and solutions experience with SSL Certificates
* Must have automation/scripting experience; open to any automation/scripting tools such as Batch, Shell scripting, etc.
* Writing security policies, responding to threats, intrusion detection
* Able to work and communicate effectively with other groups within the organization
* Coordinating patching efforts with other teams; needs to have good collaboration skills
* MUST have experience working within the Cloud environment; the company is currently moving into a GCP environment, so GCP cloud experience is highly preferred, but any hands-on Azure or AWS cloud experience is okay
* MUST understand the importance of DUO key management, truly understand the Private Key and Public Key
* Ensuring the environment is operating and detecting any threats that may come in
* Must have WAF experience and understand the concept behind the Web Application Firewall
* Innovative; looking for someone who can come in with new ideas and help them move into the cloud environment
* Must have knowledge of Intrusion Detection and File Integrity Monitoring tools (SNORT, OSSEC, and ModSEC preferred)
* Absolute must: knowledge of operating in MS Windows and Linux environments
* Ability to make suggestions to improve process, procedure and tools through the Enterprise
* Direct hands-on WAF experience with actual WAF software, not tied to another network product that uses it as an add-on module
* Cloud migration experience using Automation Terraform Enterprise
Position Summary: The Senior Security Engineer must have extensive experience securing a Payment Card Industry (PCI) environment. This Senior Security Engineer will be responsible for securing the company applications, hardware, software, operating systems, and all other infrastructure systems. This position will facilitate integration with various enterprise IT teams to ensure projects and company initiatives are conducted according to company information security standards. You'll also advise IT staff, risk management stakeholders, managers and staff regarding Information Security policies during IT project initiatives. This Senior Security Engineer will champion Information Security projects including security audits (PCI, SSAE-18, etc.), with a focus on application security, cloud security, automation, risk analysis, vulnerability testing and security reviews on company's infrastructure and systems.
Key technical traits:
* Application and Infrastructure vulnerability testing - Rapid7 InsightVM
* Company-wide log and event monitoring - Splunk Enterprise
* Secured Application Access and control - Okta Identity Management
* Real time monitoring and auditing - SNORT, OSSEC
* Web Application Firewall solutions - ModSec
* Cryptographic management and solutions - SSL, IPSEC, HSM
Essential Job Functions:
At least five (5) years of information security operations, information security architecture and security policy management and experience with:
* Lead role for security compliance efforts and company audits (e.g., PCI DSS, SSAE-18).
* Experience with cloud deployments (AWS, Azure, Oracle Cloud, and general IaaS, SaaS, PaaS deployments) with a focus on security.
* Product release vulnerability and gap assessments per product release to support the company SDLC practices in addition to company security policies.
* Corporate wide vulnerability and gap assessments in order to create appropriate recommendations which result and ensure adequate levels of service and security.
* Implementing, configuring and administering SIEM products to ensure proper visibility into the environment and compliance requirements.
* Responsible for incident response escalation and process management.
* Developing and delivering information security training materials and performing annual security awareness including software development specific security trainings.
* Evaluate and recommend new and emerging security products and technologies by identifying and coordinating implementation of other security program elements such as patch policy, disaster recovery, fraud prevention and security incident response.
* Strong understanding of web-based applications and ability to troubleshoot load balanced, multi-tier application and container environment.
* Knowledgeable in Postman, Ansible, Python or other Scripting languages for system automation.