Security Engineer

Digital Reasoning is seeking a Security Engineer for our Infrastructure Operations team. We're looking for a bright, ambitious, and highly capable person to drive the information security initiatives across our fast-paced organization and work with advanced technologies.

What you’d be responsible for

• Perform daily system monitoring, verifying the integrity and availability of all systems and key processes, reviewing system and application logs for security related events.
• Utilize and configure infrastructure monitoring and reporting tools.
• Develops and manages security policy and procedure for business units across the enterprise to prevent malicious attacks from compromising company systems and information.
• Management of automated and human Penetration Testing and Vulnerability Scanning cadence, including enforcement of remediation of findings with Product Management
• Develops and implements security policies and procedures (e.g., user log-on and authentication rules, security breach escalation procedures, security auditing procedures, and use of firewalls and encryption routines).
• Responsible for the configuration and management of antivirus, IDS/IPS,reputation, system integrity monitoring, and for the tracking and monitoring of software virus and malware incidents.
• Enforces security policies and procedures by administering and monitoring security profiles; reviews security violation reports; investigates possible security exceptions; and updates, maintains, and documents security controls.
• Maintains and monitors the company’s firewall and ensures utilization of encryption methods.
• Provide input into, and regular updates on, RFP responses and customer-facing architecture and security collateral
• Provides direct support to the business and IT staff for security-related issues.
• Educates IT and the business about security policies and consults on security issues regarding user built/managed systems.
• Represents the security needs of the organization by providing expertise and assistance in all IT projects with regard to security issues.
• Current technology stack includes OSX, Linux, AWS, Cisco/Meraki, Hadoop, ElasticSearch Python, Django, MySQL, Angular, Git
• Performs other related duties as assigned.

Traits we’d love to see

• HIPAA and HiTRUST experience
• Ability to work on multiple tasks, prioritizing and organizing these tasks to maximize productivity
• Self-starter with strong communication skills
• Ability to work independently as well as in a team
• Eagerness to tackle problems outside your core competencies and learn new technologies as required
• BS or MS in Computer Science, Information Systems or demonstrated industry hands-on experience
• Minimum 5 years of hands on security experience
• Experience in securing server and network environments for modern web applications and services
• Experience with Linux servers in virtualized environments
• Knowledge of common information security management frameworks
• Strong background in security operations, processes, solutions and technologies
• Strong understanding of policy, compliance, and best practice security principles
• Familiarity with docker or other containerization technologies
• Knowledge of infrastructure, key processes, and technology-oriented risk issues, specifically around security and privacy
• Experience with enterprise risk assessment methodologies
• Knowledge of security domains such as Vulnerability Assessments, Intrusion Prevention and Detection, Access Control and Authorization, Policy enforcement, Application Security, Protocol Analysis, Firewall Rulesets, Incident Response, DLP, Encryption, Two-Factor Authentication, Web-filtering, Centralized Security Event Logging, Advanced Threat Protection, Forensics tools, End Point Security Clients.
• Experience with common information security management frameworks, such as International Standards Organization (ISO) 17799/27001 and the IT Infrastructure Library (ITIL), Control Objectives for Information and Related Technology (CobiT) and National Institute of Standards and Technology (NIST) frameworks.

• CISSP, GPEN, CEH or other relevant Information Security certifications are a plus