Security Engineer

We are looking for the Security Engineer who will define, implement, and maintain security systems and processes to detect, access, and mitigate electronic threats to the companies computing environment. Security Engineer will work within the Information Security Team and the Information Systems department to assure compliance with State and Federal laws, PCI-DSS and organizational policies and standards. He/she will evaluate external information from providers as it relates to the threat posture of the company. Security Engineer will provide technical information security leadership companywide in the assessment, planning, design, and implementation of appropriate information security architecture, processes, products, controls, and/or projects requiring significant or advanced expertise. He/she will support the core functions of the security operations team and oversee internal and external vulnerability and penetration tests. Security Engineer will provide security guidance and consultation to other company areas as requested.

Attendance Requirements

This position is full-time. The employee is expected to work 40 hours weekly, Mon-Fri.

Key Job Responsibilities

• Provides analytical and technical security recommendations to other team members, oversight boards, and clients. Identifies requirements, based upon need or as the result of a security issue that puts organizations systems at risk.
• Perform network penetration, web application testing, source code reviews, threat analysis, wireless network assessments, and social engineering assessments
• Meets with clients and management to help specify and negotiate application security requirements, reviews current policies and procedures for applicability, and system OS security patch levels, and ensures safe transition of applications to production
• Develops technology to automate security monitoring
• Develop, debug, test, and support the certification process
• Create, maintain, and document security baselines
• Evaluate and recommend secure remote configurations
• An active member in technical workgroups to recommend effective security configurations and architecture
• Liaison to the Enterprise Architect, WAN, LAN, and Enterprise Management Teams to effectively communicate and architect security solutions
• Develops documentation to support ongoing security systems operations, maintenance, and specific problem resolution
• Works with and coordinates appropriate IT staff to implement solutions that will meet or exceed customer expectations
• Provide risk analysis for vulnerabilities, incidents, and change requests
• Functions as technical lead during a security incident response

Key Skills

• Well versed in the information security issues affecting financial service organizations and cloud-based application service providers.
• Expertise in TCP/IP; web architectures and technologies such as HTML, JavaScript, XML, REST, PHP
• Web application penetration testing experience identifying architectural design weaknesses from analyzing a web application
• Implementing PKI components in a network, application and architecture and authentication capabilities of Windows, UNIX, Linux, Apple and middleware
• Experience with database technologies, architectural reviews and PCI-DSS.
• Specific Security related experience included Data-at-rest encryption, certificate validation, IDS/IPS, Firewalls, SEIMs and Log Management, syslog analysis, HTTP and TCP/IP analysis, and vulnerability assessment to include; cross-site scripting, SQL injection, cross-site request forgery, HTTP response splintering, the OWASP Top 10 and SANS Top 25.
• Bachelor degree in information security, information assurance, computer science, management information systems, computer information systems, or a related discipline.
• Possess at least one of the following professional designations (or one of similar stature):
  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • Certified Information System Auditor (CISA)
  • Certified Information Security Manager (CISM)
  • Certified in the Governance of Enterprise Information Technology (CGEIT)
• Demonstrated excellent interpersonal skills.
• Ability to interface effectively with all levels of employees/management.
• Ability to stay focused to ensure that projects are completed accurately and on time.
• Demonstrated excellent organizational skills
• Ability to prioritize and complete multiple interdepartmental tasks in a timely fashion.
• Excellent verbal and written communication skills in English

What we offer:

• Highly talented, professional, and friendly team and great working environment
• The ability to use cutting edge technologies
• Introductory training
• Possibility for personal and professional growth
• Flexible working hours
• Private Health Insurance
• Free soft drinks, fruit, tea, and coffee
• Full remote until July 2022, after that 2 days WFH/week

If you are interested in this position, please send a covering letter and CV in English!

Rok za konkurisanje: 07.11.2021.