3 months ago
The DevOps Information Security Engineer is responsible for providing technical expertise related to infrastructure and software security design, implementation, and support of a new product set for the company.
- Providing analytical and technical security recommendations to other team members, oversight boards, and clients
- Identifying requirements resulting from security issues that put the organization’s systems at risk
- Performing network penetration, web application testing, source code reviews, threat analysis, wireless network assessments, and social engineering assessments
- Meeting with clients and management to help specify and negotiate application security requirements
- Reviewing current policies and procedures for applicability, maintaining system OS security patch levels, and ensuring the safe transition of applications to production
- Developing technology to automate security monitoring
- Recommending effective security configurations and architecture to active members in technical work groups
- Working closely with the Enterprise Architect, Network Engineering, and Enterprise Management Teams to effectively communicate and architect security solutions
- Coordinating with traditional information security teams to share ideas with a goal of maintaining proper company-wide security standardization
- Providing risk analysis for product features and architecture decisions.
- Bachelor’s degree in information security, information assurance, computer science, management information systems, computer information systems, or a related discipline
- 3+ years’ experience working with information security issues affecting financial service organizations and/or cloud-based application service providers
- Strong experience in systems administration, security DevOps processes, system hardening, and patch management strategies.
- Experience with system automation frameworks (Puppet, Terraform) and CI/CD pipelines (Jenkins, GitLab CI/CD).
- Knowledge of cloud native technologies, key management solutions, and networking strategies
- Specific security-related experience including data-at-rest encryption, certificate validation, IDS/IPS, firewalls, SIEM and log management, syslog analysis, HTTP and TCP/IP analysis, and vulnerability assessments including: cross-site scripting, SQL injection, cross-site request forgery, HTTP response splitting, the OWASP Top 10, and SANS Top 25.
- Possess at least one of the following professional designations or similar: CISSP, CISM, CISA, or CGEIT
- Excellent verbal and written communication skills in English.