Sorry, this job is no longer accepting applications. See below for more jobs that match what you’re looking for!

Security Engineer - IV

Expired Job

Softpath System Ashburn , VA 20146

Posted 3 months ago

Cloud Security Engineer/SME. The candidates shall have a minimum of seven (7) years of experience in cloud security in Cyber Security. If the candidate has a bachelor's degree in Computer Science, Engineering, Information Technology, Cybersecurity, or related field, five (5) years of experience in incident detection and response, and cloud engineering/security is required.

This is a hands-on role that requires a high degree of technical security expertise within the AWS ecosystem. You will be the person responsible for security related tasks, including the implementation and day-to-day administration of Information Security solutions, and optimizing configurations for effectiveness.

Your primary responsibilities include performing assessments of security architecture, making practical recommendations to reduce risks, and then help realize the change, as well as the prevention and remediation of security vulnerabilities within AWS using existing or new solutions. Your daily task will have you interacting closely with personnel from other functions in Information Security, Cloud Ops, R&D, and Product Management.

Assist teams in complying with cloud security controls
Design/apply common security controls and control inheritance guidelines to support a component-based application of the security architecture.
Develop and mature the security controls matrix that consolidates all applicable security controls and associated control type, control owners, implementation and status
Support continuous monitoring of the system through attendance at change management meetings, identifying impacts to security, performing assessment and communicating impact to security posture with recommendations and ongoing security control assessments and updates to key documentation.
Measure compliance against standards
Performs requirements analysis, and develops software architectures to meet requirements
Provide training on technologies to other engineers and team members
Strong multi-tasking and organizational skills
Ability to prioritize simultaneous high visibility projects
Configure and maintain automation and scripting via PowerShell, Python, Perl, or Bash
Develop System Security Plans working with the engineering and operations teams to identify strategies for control implementation
Develop system-specific policy, process and procedures ranging from access control, vulnerability management and key management
Develop other security-related documents required for authorization such as categorization, contingency plans, incident response plans and privacy impact assessments
Develop procedures to automate security tasks during code builds and deployments
Report unresolved security exposures, misuse of resources, and noncompliance situations using defined escalation processes.

Your skills:

Knowledge of network based, system level, and application layer attacks and mitigation methods
Experience configuring/sending pertinent security data from SIEM solutions and AWS audit, logs, and reports
Knowledge of technical security control environments and compliance frameworks including CSA CCM, ISO 27017
Experience in DevOps environments and maintaining security in CI/CD processes
Experience with the development, deployment, and automation of security solutions in an enterprise cloud based environment
Experience with a broad range of security technologies including, SAST, DLP, IDS/IPS, IAM, Certificate Management, etc
Experience working with container technology including Docker and Kubernetes
Knowledge of AWS automation strategies and tools
Strong knowledge of technology and security topics including network and application security, infrastructure hardening, security baselines, web server, and database security
Ability to clearly and effectively communicate concerns, issues to other teams
Experience in developing, documenting, and maintaining security procedures
Proficient in AWS CLI, Bash, and Python
Must have knowledge of cloud automation and deployment frameworks with regards to their use in highly available environments (Lambda/CloudFormation/Azure Resource Manager/Azure Functions)

Comments
Comment Created By Date
Contact with questions. 6 months, possibility of extension depending on performance and need. Resource is needed on site in Ashburn, VA 5 days a week. Jordan Shaffer 2018-09-14 15:27:21



See if you are a match!

See how well your resume matches up to this job - upload your resume now.

Find your dream job anywhere
with the LiveCareer app.
Download the
LiveCareer app and find
your dream job anywhere
lc_ad

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
Security Risk Engineer

Verizon Communications

Posted 1 week ago

VIEW JOBS 11/6/2018 12:00:00 AM 2019-02-04T00:00 What you'll be doing... The position will be part of the IT Information Security Office (ISO) supporting the VZW Business Unit. The VZW Security Risk team will be focused on improving the security risk posture through engagement in IT and business initiatives impacting the VZW IT network, information assets and business operations. This position will identify information security risks associated with the implementation plans of IT initiatives and provide security consultation, direction and guidance that meet the security policy requirements, security standards and best practices, and government and industry regulations. The team will work with IT application leaders, business owners and 3rd Party business partners to ensure the security requirements are fulfilled and risks are reduced. When risk acceptance is requested the team will work with Security leadership and business stakeholders to gain risk acceptance on information security risk matters. Additionally the team will inform and educate the application, technical and business teams on security policies, risks and threats to the organization. * This role will provide focused risk analysis support across the VZW Business Unit providing process guidance and risk assessment. * Act as a stakeholder representing Information Security in functional and technical requirements and design sessions via the agile and traditional software development methodologies. * Assign a preliminary risk profile by identifying the information security risk factors based on data classification, design, and functional purpose and use. * Specific attention to the following control areas is required: authentication, authorization, access controls (network and user), secure transmission and storage, encryption/key management, segmentation and network zoning, data flows, third party access and connectivity and functional purpose. * Work with architecture, design, and development teams to understand enterprise solutions and impacts on security controls. * Collaborate and build relationships with IT colleague's core business partners for continued security education and awareness. * Complete detailed risk assessment and provide risk reduction recommendations and security requirements and guidance to IT and business teams supporting the initiatives. * Provide security requirements during planning sessions, functional and technical requirement sessions, user story creation and grooming, and technical design based on identified risks. * Determine if any compensating controls are necessary due to inability to comply with the primary control requirements. Facilitate and help design compensating controls when needed. * Ensure requirements and design include approved strategic security technologies. * Complete and present to Security management and business sponsors a risk assessment evaluation articulating risk and impact analysis when security controls cannot be met by an initiative to ensure transparency and appropriate level of acceptance. * Broker meetings as needed between project team members and specialized security experts when additional details are required or circumstances are unique or private (under special NDA). * Participate weekly meetings with management and security team peers to provide project updates and risk overviews. What we're looking for... You'll need to have: * Bachelor's degree in Information Systems or related field; or 4 or more years of work experience. * 3-5+ years of related experience in Information Security, Software Development/Technical Support. Even Better if you have: * 3-5+ years IT or related experience. * Experience in an Information Security, Software Development/Technical Support related position. * IT or related experience. * One or more of the following professional certifications: CISA (Certified Information Security Auditor), CISM(Certified Information Security Manager), CRISC (Certified in Risk and Information Systems Controls), GSEC (General Security Essentials Certification), or equivalent, or willingness to obtain within 6 months. * A thorough understanding of all stages of the SDLC process, from coding and code promotion through all levels of testing as well as management of multiple non-production environments. * A solid understanding of networking technologies ad portals. * A base knowledge of databases and operating systems. * Knowledge of data security fundamentals and best practices with prior responsibilities of protecting information assets. * A demonstrated ability to coordinate and lead productive working sessions with resources from multiple application and technology teams across the enterprise. * Ability to effectively communicate with Legal department attorneys and other supporting business groups such as Compliance and Finance. * Excellent written and verbal communication skills. The ability to work effectively with multiple corporate cultures. * Familiarity with IT Governance practices and processes, and solid business acumen. * Prior experience producing reference documentation for technical or business reference. * Excellent documentation and organization skills. 22CyberRisk When you join Verizon... You'll be doing work that matters alongside other talented people, transforming the way people, businesses and things connect with each other. Beyond powering America's fastest and most reliable network, we're leading the way in broadband, cloud and security solutions, Internet of Things and innovating in areas such as, video entertainment. Of course, we will offer you great pay and benefits, but we're about more than that. Verizon is a place where you can craft your own path to greatness. Whether you think in code, words, pictures or numbers, find your future at Verizon. Equal Employment Opportunity We're proud to be an equal opportunity employer- and celebrate our employees' differences,including race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, and Veteran status. Different makes us better. Verizon Communications Ashburn VA

Security Engineer - IV

Expired Job

Softpath System