Responsibilities:
 

The Security Engineer role includes platform Security Monitoring and Analytics; overseeing and performing Security Engineering tasks and functions; and developing and maintaining application security services for lab and production environments, supporting number porting services for the NPAC (Number Porting Administration Center). In addition, the candidate will be responsible for securing existing systems and applications; evaluating the security for 3^rd party applications, host systems, development software, devices, and technologies for vulnerabilities; and developing requirements for related security solutions. Candidate must develop a thorough understanding of the solution (platform, application, and processes being developed and implemented) to fully meet the technical requirements of the position. 

 Some essential functions of the role include, but are not limited to the following:

• Must be available to support changes and maintenance windows, as needed and required (off-hours).
• Must be available to work in the Security 24 x 7 On-Call rotation and initiate escalation procedures to counteract potential threats/vulnerabilities.
• Assist with incident response and potential breach activities, on a 24x7 schedule, if necessary.
• Conduct security assessments to identify vulnerabilities in existing systems.
• Design and implement security measures to protect against potential threats.
• Develop, implement, and manage security policies and procedures.
• Test, evaluate, deploy, and configure security products and solutions.
• Administer and support security platform components including:  SIEM, HIDS, NIDS, FW, WAF, etc.
• Create and update SIRP response plans and lead incident response teams.
• Monitor system, network, and application activity for signs of unauthorized access or malicious activity.
• Perform security audits and risk assessments.
• Bachelor’s degree in computer science, computer engineering, or similar technical discipline or 6+ years of equivalent work experience.
• Work remote in commutable distance to Bridgewater, NJ or Dallas TX
• US Citizenship required

 General Skills and Qualifications:

• Information security engineering subject matter expert.
• Strong analytical and problem-solving abilities.
• Effective communication and collaboration skills to work with cross-functional teams.
• Analyze threats and attacks reported from multiple sources both internal and external.
• Knowledge of operating systems, virtualization, and database platforms.
• Operating systems: Enterprise Linux, Solaris, Windows.
• Virtualization: VMware, LDOMs, OVM.
• Scripting and /or development ability to integrate, enhance, or customize existing security tools.
• Oracle Database, security auditing and logging.
• Knowledge of network devices, security solutions, and technologies.
• Network, System, and Application event reporting and logging.
• Understanding configuration policy changes for router, switch, firewall, load balancing, updates, upgrades,  and lifecycle management.
• Expertise in configuring and managing firewalls, intrusion detection systems, and other security devices.
• ACL creation, update, and review.
• SIEM, event log processing, correlation, alarming, and reporting.
• WAF policy development and tuning.
• NIDS policy development and tuning.
• Endpoint monitoring and controls, FIM, HIDS, EDR.
• Application security review and assessments.
• Experience with vulnerability assessment and penetration testing.
• Vulnerability scanning, scan development and tuning, review and reporting, develop and support remediation plans.
• Manage penetration test engagements, review findings, and manage remediation efforts.
• Knowledge of security frameworks and industry best practices.

Additional Skills:

• Knowledge and/or experience with the following security applications are a plus – Wazhu, QRadar, Fortinet, CrowdStrike, QLIK, RedSeal, and Tenable Security Center/Nessus.
• Security Industry certification(s) preferred

Responsibilities:

• Work with sensitive and confidential information while maintaining the highest level of confidentiality, professionalism, and ethics
• Maintain documented procedures and follow industry best practices while conducting application and server security testing under supervision
• Performing assessments of System Development Life Cycle (SDLC) processes
• Be willing to learn new programming languages, frameworks, tools and paradigms given proper guidance and supervision
• Contribute to helping application teams learn industry security tradecraft

Requirements:

• Pursuing a B.S degree in Computer Science, Information science or a similar field or graduated and pursuing a M.S. degree.
• Some experience in or understanding of software development in one or more of the following languages / frameworks: Java / Spring, Python, Angular, React
• Comfortable working on Windows and Linux machines (RHEL, CentOS, Ubuntu)
• Strong ethics and understanding of ethics in business and information security
• Some experience performing code reviews
• Collaborate with both internal and external partners to develop and update Security Operations standards, procedures, guidelines, and best practices
• Ability to complete tasks and deliver professionally written oral reports to clients at all levels of the organization
• Developing and reporting of key information, metrics, security performance, and driving enterprise processes
• Excellent communication, collaboration, and strong project management skills
• US Citizenship Required

Additional Skills:

• Possesses current security certification(s) or is working towards one
• Basic understanding of DevOps technologies such as Jenkins, Puppet, Chef
• Basic understanding of Containerization technologies like Docker, Kubernetes etc..
• Experience with some web application vulnerability scanning tools (e.g., Tenable/Nessus, OWASP ZAP, Burp Suite)
• Some experience with Cloud technologies (AWS, Azure or GCP)