6 months ago
Unfortunately this job has now expired. However you can view all of our Live jobs here.
The DevOps Information Security Engineer is responsible for providing technical expertise related to infrastructure and software security design, implementation, and support of a new product set for the company
- Providing analytical and technical security recommendations to other team members, oversight boards, and clients
- Identifying requirements resulting from a security issues that puts the organization’s systems at risk
- You will be performing network penetration, web application testing, source code reviews, threat analysis, wireless network assessments, and social engineering assessments
- Meeting with clients and management to help specify and negotiate application security requirements
- Reviewing current policies and procedures for applicability, maintain system OS security patch levels, and ensure the safe transition of applications to production
- Developing technology to automate security monitoring
- Recommending effective security configurations and architecture to active members in technical work groups
- Working closely with the Enterprise Architect, Network Engineering, and Enterprise Management Teams to effectively communicate and architect security solutions
- Coordinating with traditional information security teams to share ideas with a goal of maintaining proper company-wide security standardization
- Providing risk analysis for product features and architecture decisions.
- Bachelor’s degree in information security, information assurance, computer science, management information systems, computer information systems, or a related discipline
- 3+ years’ experience working with information security issues affecting financial service organizations and/or cloud-based application service providers
- Strong experience in systems administration, security devops processes, system hardening, and patch management strategies.
- Experience with system automation frameworks (Puppet, Terraform) and CICD pipeline (Jenkins, GitLab CI/CD).
- Knowledge of cloud native technologies, key management solutions, and networking strategies
- Specific security-related experience including data-at-rest encryption, certificate validation, IDS/IPS, firewalls, SIEM and log management, syslog analysis, HTTP and TCP/IP analysis, and vulnerability assessments including: cross-site scripting, SQL injection, cross-site request forgery, HTTP response splintering, the OWASP Top 10, and SANS Top 25.
- Possess at least one of the following professional designations or similar CISSP, CISM, CISA, CISM or CGEIT
- Excellent verbal and written communication skills in English.