Security Engineer

  • Digital Reasoning
  • Franklin, TN, USA
  • Jul 24, 2018
Full time Information Technology Security

Job Description

Digital Reasoning is seeking a Security Engineer for our Infrastructure Operations team. We're looking for a bright, ambitious, and highly capable person to drive the information security initiatives across our fast-paced organization and work with advanced technologies.

What you’d be responsible for

  • Perform daily system monitoring, verifying the integrity and availability of all systems and key processes, reviewing system and application logs for security related events.
  • Utilize and configure infrastructure monitoring and reporting tools.
  • Develops and manages security policy and procedure for business units across the enterprise to prevent malicious attacks from compromising company systems and information.
  • Management of automated and human Penetration Testing and Vulnerability Scanning cadence, including enforcement of remediation of findings with Product Management
  • Develops and implements security policies and procedures (e.g., user log-on and authentication rules, security breach escalation procedures, security auditing procedures, and use of firewalls and encryption routines).
  • Responsible for the configuration and management of antivirus, IDS/IPS,reputation, system integrity monitoring, and for the tracking and monitoring of software virus and malware incidents.
  • Enforces security policies and procedures by administering and monitoring security profiles; reviews security violation reports; investigates possible security exceptions; and updates, maintains, and documents security controls.
  • Maintains and monitors the company’s firewall and ensures utilization of encryption methods.
  • Provide input into, and regular updates on, RFP responses and customer-facing architecture and security collateral
  • Provides direct support to the business and IT staff for security-related issues.
  • Educates IT and the business about security policies and consults on security issues regarding user built/managed systems.
  • Represents the security needs of the organization by providing expertise and assistance in all IT projects with regard to security issues.
  • Current technology stack includes OSX, Linux, AWS, Cisco/Meraki, Hadoop, ElasticSearch Python, Django, MySQL, Angular, Git
  • Performs other related duties as assigned.

 

Traits we’d love to see

  • HIPAA and HiTRUST experience
  • Ability to work on multiple tasks, prioritizing and organizing these tasks to maximize productivity
  • Self-starter with strong communication skills
  • Ability to work independently as well as in a team
  • Eagerness to tackle problems outside your core competencies and learn new technologies as required
  • BS or MS in Computer Science, Information Systems or demonstrated industry hands-on experience
  • Minimum 5 years of hands on security experience
  • Experience in securing server and network environments for modern web applications and services
  • Experience with Linux servers in virtualized environments
  • Knowledge of common information security management frameworks
  • Strong background in security operations, processes, solutions and technologies
  • Strong understanding of policy, compliance, and best practice security principles
  • Familiarity with docker or other containerization technologies
  • Knowledge of infrastructure, key processes, and technology-oriented risk issues, specifically around security and privacy
  • Experience with enterprise risk assessment methodologies
  • Knowledge of security domains such as Vulnerability Assessments, Intrusion Prevention and Detection, Access Control and Authorization, Policy enforcement, Application Security, Protocol Analysis, Firewall Rulesets, Incident Response, DLP, Encryption, Two-Factor Authentication, Web-filtering, Centralized Security Event Logging, Advanced Threat Protection, Forensics tools, End Point Security Clients.
  • Experience with common information security management frameworks, such as International Standards Organization (ISO) 17799/27001 and the IT Infrastructure Library (ITIL), Control Objectives for Information and Related Technology (CobiT) and National Institute of Standards and Technology (NIST) frameworks.
  • CISSP, GPEN, CEH or other relevant Information Security certifications are a plus