Senior Web Application Security Engineer
Posted on Dec 12, 2018 by Request Technology - Craig Johnson
Prestigious Enterprise Company is currently seeking a Sr. Web Application Security Engineer.
Candidate will provide solutions to complex security, and provide strategies, policies standards, guidelines and procedures. Candidate will lead the remediation of significant gaps in the security and create solutions for problems in the areas of Infrastructure, Endpoint, and Cloud Security
In addition, candidate will give guidance to and mentor SOC Analysts and Engineers.
Design and development of Security Solutions to protect Company IT assets
Forecast and Establish technical requirements in concert with Architecture and Risk Management for Connectivity (intra and intercompany), Internet facing solutions, Infrastructure, Application, eCommerce, Mobility, Cloud, etc.
Work closely with Infrastructure OR Software Delivery engineering teams to ensure security requirements are understood and built into the design of other enterprise services
Provide subject matter expertise for Architecture, Planning and Roadmap sessions
Research, evaluate, design, test, recommend and plan the implementation of new or updated information security technologies
Document solutions engineered to be handed off to SOC, and other Engineering support organizations
Own Security aspects of Software OR Infrastructure Delivery life cycle
Perform product and solution life cycle management ensuring capacity, integrity and availability of all systems.
Lead the execution of more complex multi-platform changes
Participate in projects as required; analyze, design, develop and implement security solutions which protect the information assets while enabling business functionality
Lead/direct IT infrastructure OR application penetration testing using standard tools and procedures
Perform Root Cause analysis for security or availability failure and direct the remediation of Security related causes
Bachelors degree in Information Systems or related degree, or equivalent job experience.
2 years of experience in Security solution design, implementation and troubleshooting across all computer platforms.
5 years of experience in Security technology implementation and troubleshooting across all computer platforms (Can count a bachelors degree in CS, or InfoSec as 1.5 years of experience)
5 or more years required of combined IT and security work experience with a broad exposure to infrastructure/network and multi-platform environments.
Experience and hands-on working knowledge with a variety of security technologies and processes including but not limited to Firewall, VPN, SEIM, IDS/IPS, HIDS, malware analysis and protection, content filtering, logical access controls, data loss prevention, content filtering technologies, application Firewalls, vulnerability scanners, forensics software, and security incident response.
Understanding of Cloud solution best practices and integration techniques
GIAC and ISC2 certifications such as CISSP are highly preferred.
Good understanding of Risk and Compliance framework, regulatory compliance (Sarbanes-Oxley (SOX) and PCI-DSS)
Strong attention to detail
Ability to effectively prioritize and execute tasks in a complex environment
Solid understanding of standard business processes including Change Management, Problem Management, Work Prioritization, Quality Assurance, and Continuous Improvement best practices, etc.