Digital Reasoning is seeking a Security Engineer for our Infrastructure Operations team. We're looking for a bright, ambitious, and highly capable person to drive the information security initiatives across our fast-paced organization and work with advanced technologies.
What you’d be responsible for
- Perform daily system monitoring, verifying the integrity and availability of all systems and key processes, reviewing system and application logs for security related events.
- Utilize and configure infrastructure monitoring and reporting tools.
- Develops and manages security policy and procedure for business units across the enterprise to prevent malicious attacks from compromising company systems and information.
- Management of automated and human Penetration Testing and Vulnerability Scanning cadence, including enforcement of remediation of findings with Product Management
- Develops and implements security policies and procedures (e.g., user log-on and authentication rules, security breach escalation procedures, security auditing procedures, and use of firewalls and encryption routines).
- Responsible for the configuration and management of antivirus, IDS/IPS,reputation, system integrity monitoring, and for the tracking and monitoring of software virus and malware incidents.
- Enforces security policies and procedures by administering and monitoring security profiles; reviews security violation reports; investigates possible security exceptions; and updates, maintains, and documents security controls.
- Maintains and monitors the company’s firewall and ensures utilization of encryption methods.
- Provide input into, and regular updates on, RFP responses and customer-facing architecture and security collateral
- Provides direct support to the business and IT staff for security-related issues.
- Educates IT and the business about security policies and consults on security issues regarding user built/managed systems.
- Represents the security needs of the organization by providing expertise and assistance in all IT projects with regard to security issues.
- Current technology stack includes OSX, Linux, AWS, Cisco/Meraki, Hadoop, ElasticSearch Python, Django, MySQL, Angular, Git
- Performs other related duties as assigned.
Traits we’d love to see
- HIPAA and HiTRUST experience
- Ability to work on multiple tasks, prioritizing and organizing these tasks to maximize productivity
- Self-starter with strong communication skills
- Ability to work independently as well as in a team
- Eagerness to tackle problems outside your core competencies and learn new technologies as required
- BS or MS in Computer Science, Information Systems or demonstrated industry hands-on experience
- Minimum 5 years of hands on security experience
- Experience in securing server and network environments for modern web applications and services
- Experience with Linux servers in virtualized environments
- Knowledge of common information security management frameworks
- Strong background in security operations, processes, solutions and technologies
- Strong understanding of policy, compliance, and best practice security principles
- Familiarity with docker or other containerization technologies
- Knowledge of infrastructure, key processes, and technology-oriented risk issues, specifically around security and privacy
- Experience with enterprise risk assessment methodologies
- Knowledge of security domains such as Vulnerability Assessments, Intrusion Prevention and Detection, Access Control and Authorization, Policy enforcement, Application Security, Protocol Analysis, Firewall Rulesets, Incident Response, DLP, Encryption, Two-Factor Authentication, Web-filtering, Centralized Security Event Logging, Advanced Threat Protection, Forensics tools, End Point Security Clients.
- Experience with common information security management frameworks, such as International Standards Organization (ISO) 17799/27001 and the IT Infrastructure Library (ITIL), Control Objectives for Information and Related Technology (CobiT) and National Institute of Standards and Technology (NIST) frameworks.
- CISSP, GPEN, CEH or other relevant Information Security certifications are a plus