Security Engineer – Analyst
Our Georgia client is looking for a Security Engineer to perform assessments on applications, systems and networks and identify security vulnerabilities caused by gaps or failures in the patching, hardening/configuration or software development life-cycle (SDLC). The Security Engineer will monitor and report results to stakeholders and management as well as measure the effectiveness of remediation against internal policies and external compliance.
Knowledge and Skills for the Security Engineer
- Knowledge of:
  - risk management processes (e.g., methods for assessing and mitigating risk)
  - laws, regulations, policies, standards and ethics related to cybersecurity and privacy.
  - specific technical and operational impact of security lapses.
  - system life cycle management principles, including software security and usability.
  - secure coding techniques, system patching processes/methodologies and/or system and network hardening best practices.
  - Confidentiality, Integrity and Availability requirements
  - security, operational, development objectives.
- Apply cybersecurity and privacy principles to corporate policies and external compliance.
- Executing vulnerability assessments against applications and/or networks using automated and/or manual methods.
- Reporting results and analysis to stakeholders using tools, scripting or query languages as well as communicating with and maintaining compliance to policies.
- Experience delivering dashboard type reporting or metrics related to a security program by utilizing and correlating multiple data sources through APIs, database queries or other technical means.
- Bachelor’s degree in Computer Science, Info Security, or related field or relevant work experience in a related field.
- Splunk and Vulnerability Management Reporting
- Minimum 2 years relevant experience including network operations or engineering or system administration on Unix, Linux, Mac, or Windows; common security operations, intrusion detection systems, Security Incident Event Management systems, Penetration Testing, Web Application assessment, Secure Coding practices
- Professional certifications CISSP, CISM, CISA, GSEC, Network+, Security+
- Knowledge of industry standard security compliance programs such as PCI (Payment Card Industry), SOX (Sarbanes-Oxley), GLBA (Gramm Leach Bliley Act) etc.
- Certified Ethical Hacker CISSP
For more information please contact Ken at firstname.lastname@example.org or 603-778-9090
Unfortunately we are unable to provide sponsorship for this opportunity