Engineer, Information Security-190451

Ellie Mae, Inc. Pleasanton , CA 94588

Posted 7 months ago

Ellie Mae (NYSE:ELLI) is the leading cloud-based platform provider for the mortgage finance industry. Ellie Mae's technology solutions enable lenders to originate more loans, reduce origination costs, and reduce the time to close, all while ensuring the highest levels of compliance, quality and efficiency. Visit EllieMae.com to learn more.

Ellie Mae is looking for a bright, passionate and dedicated individual to join our Information Security team.

Summary of Responsibilities

  • This individual would be responsible for the overall application security efforts and would play a key role in maintaining and continuing to enhance security for Ellie Mae.

  • This will include working closely with our Sr. Director, Information Security to implement security policies and employ a variety of technologies to monitor adherence to these policies.

  • This is a very senior position and will require someone that is comfortable working across multiple security disciplines, organization functions and departments.

  • The Sr. Engineer, Information Security will be responsible for Application Security of Next Generation and Current Generation application.

  • Performing threat analysis of the architectures, propose solutions. Performing the threat analysis and tuning of Web attacks and perform forensic investigations.

  • The Sr. Engineer, Information Security will play a key role in defining the new generation security architecture for AWS cloud environment, recommend security architecture improvements, and provide metrics for executive-level dashboards.

Basic Skills and Qualifications

  • Perform code review, static code analysis, dynamic code analysis.

  • Able to automate the security toolkits with automation tools like Jenkins, terraform, Jfrog, other repositories.

  • Proficient in SWAT analysis for threat modelling.

  • Proficient in OWASP Top 10 attacks, scenarios.

  • Proficient in performing Application Specific Pen Testing on Web applications, mobile Applications, REST API, SOAP API and able to build automated frameworks and toolkits.

  • Ability to script in python, Ruby, perl if required for security automation.

  • Serve as a resource cross-functionally to share security insight and best practices with other teams.

  • Design, build and deploy next generation cloud security practices to protect Company's public and private cloud infrastructure.

  • Work across product, cloud and business systems teams to enhance and evangelize security in cloud environments.

  • Research emerging technologies and maintain awareness of current security risks in support of security enhancement and development efforts.

  • Evangelize security throughout the enterprise and drive changes needed to respond to emerging threats.

  • Lead initiatives to develop and build security utilities and tools that will enable others to operate more efficiently and securely in cloud environments.

  • Able to integrate the framework logs in SIEM.

  • Threat briefing to Product team and solutioning.

Basic Skills and Qualifications

  • In-depth knowledge of AWS and other public and private cloud infrastructures.

  • 5+Experience with building and operating secure infrastructures.

  • 5+ years of experience as a security professional.

  • In depth knowledge of AWS, other private cloud environment and security.

  • Strong understanding of Application Security, Oauth frameworks, OWASP top 10, Pen Testing.

  • Background in application development

  • Excellent written and communication skills

  • Strong work ethic, demonstrated self-starter, ability to work in a fast paced, team-oriented environment

  • Strong organizational skills

  • Strong technical aptitude, a desire to learn, and a very strong interest in security is a must

  • 2+ years working in a UNIX/Linux environment

  • 2+ years working in a Microsoft environment

  • Strong knowledge packet/traffic analysis, wireshark, BurpSuite, Nessus, nmap and related tools (e.g.: Wireshark, tcpdump)

  • SIEM (Ex: Splunk, ArcSight, etc)

  • Encryption technologies (ex: SSL/TLS, IPSec, TDE, PKI)

  • Authentication/Authorization

  • Experience with many of the following technologies: Web Application Firewall, DLP, HIPS, File Integrity, ETDR tools, Enterprise anti-malware solutions, Wireless Security

  • OS hardening and security best practices

#LI-TM1

Ellie Mae is an equal opportunity and affirmative action employer. Women, minorities, people with disabilities, and veterans are encouraged to apply.

We do not accept resumes from headhunters, placement agencies, or other suppliers that have not signed a formal agreement with us.


icon no score

See how you match
to the job

Find your dream job anywhere
with the LiveCareer app.
Mobile App Icon
Download the
LiveCareer app and find
your dream job anywhere
App Store Icon Google Play Icon
lc_ad

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
Jr Security Analyst / Engineer

Wavestrong

Posted 3 weeks ago

VIEW JOBS 2/5/2020 12:00:00 AM 2020-05-05T00:00 <p>Founded in 2001, WaveStrong is an industry leader in enterprise and cloud information security consulting services. We pride ourselves on our best of breed security solutions and services that span a myriad of government, education and business verticals. Our staff is comprised of both certified technical and business professionals who can help you successfully navigate complexities of planning, design, implementation and management of securing data. Our approach is vendor agnostic giving our customers the freedom to choose the best customized security model for their business.<br></p><p><br></p><p><strong>Requirements</strong></p><ul> <li>Bachelor’s Degree in Computer Science or similar program</li> <li>1 plus years of hands-on information security experience</li> <li>Manage critical cybersecurity events in a central ticketing system from the time the event is detected through the alerting process.</li> <li>Security Incident and Event Monitoring (SIEM) experience a plus</li> <li>provide analysis of Information Security Events and determine true or false positive; and execute appropriate response procedures.</li> <li>Define, create and maintain SIEM correlation rules, customer build documents, security process and procedures.</li> <li>Comfortable working a designated shift to support 24x7 environment to monitor and alert on malware analysis related to the identified security event(s)</li> <li>Accomplish organization goals by accepting ownership for accomplishing new and different requests; explore opportunities to add value to job accomplishments.</li> <li>Nice to have: CEH, GIAC Certified Incident Handler (GCIH), GIAC Certified Forensic Analyst (GCFA), GIAC Reverse Engineering Malware (GREM), EnCE or similar</li> <li>Experience with a programming/scripting language such as Python, Perl or similar in an incident handling environment</li> </ul> Wavestrong Pleasanton CA

Engineer, Information Security-190451

Ellie Mae, Inc.