Security Engineer (fully remote)
A key global client of mine who are serving more than 5,000 clients globally are currently looking for a Security Engineer to join their team on a permanent basis
- Ensure that our applications, software and infrastructure is designed and implemented to the highest security standards.
- Perform security assessments, design reviews, security audits, risk analysis, vulnerability testing and security code-reviews on a wide variety of environments.
- Work with key stakeholders across the company to define, design and implement effective security controls and remediate vulnerabilities to improve our security posture and reduce risk to acceptable levels
- Conduct assessments of threats and vulnerabilities and determine deviations from acceptable security baselines
- Manage security technology processes and solutions, sometimes through 3rd parties, including endpoint protection, vulnerability management, and SIEM
- Review security events for context, appropriateness, and criticality and be an incident responder as needed
- Create security operations playbooks to ensure a consistent approach and response to current & emerging threats
- Conduct network monitoring and intrusion detection analysis using various Computer Network Defense (CND) tools, such as Intrusion Detection/Prevention Systems (IDS/IPS), Firewalls, Host Based Security System (HBSS), etc.
- You will also work closely with other security engineers, compliance analysts, DevOps, IT, and architects to enhance our application security posture.
- Perform security assessments, gather evidence for security audits, review third party security documentation
- Develop technical solutions to help mitigate application security vulnerabilities
- Conduct research to identify new attack vectors against products and services.
- Extensive experience in Information Security or a related field
- 7+ years of security development experience
- Expertise in TCP/IP. Understanding of common network vulnerabilities, OS vulnerabilities (Windows and macOS), patching and attack patterns
- Strong organization, time management and project management skills
- Experience in public cloud environments
- An understanding of system hardening, containerization, and cloud security controls
- Familiarity with ISO27001, SOC, GDPR, & CCPA
- Excellent interpersonal skills & communication skills; you should be an ambitious teammate with strong analytical, problem solving, debugging and troubleshooting skills
- Familiarity with Enterprise Vulnerability Management tools
- 2+ years of experience with M365 Defender & M365 Cloud Application Security
- 2+ years of experience with Azure SSO
- 2+ years of experience with IDS/IPS solutions such as Fortinet
- 3+ years of experience with public cloud services including AWS, GCP and Azure
- Previous mergers & acquisition experience is a PLUS