Job Description
Job Title: Sr. Engineer, Enterprise Information Security
Location: Bellevue WA
Duration: 9 Months (with high possibility of extending into full time)
Job Description:
SR. SECURITY ENGINEER SKILLS & RESPONSIBILITIES
• Act as a trusted technical advisor with key security stakeholders at all levels of the organization for a variety of information security projects that arise from current business and technological developments
• Hands-on experience supporting network, operating system, database, application & data layers across multiple platforms and technologies
• Ability to assess risks and provide innovative countermeasures and solutions that appropriately balance security and business requirements
• Ability to step into an uncontrolled space and bring security structure
• Provide guidance to security analysts, PMs, business partners and IT leadership when new projects are introduced to the business or new risks are identified
SECURITY DESIGN ASSESSOR
• Ability to consult internally with Sr. Engineers (Application, Network, DevOps) to apply security principles and best practices that meet business objectives
• Experience controlling the threat surface area, identifying attack vectors, vulnerabilities and establishing appropriate controls. Can build a threat model
• Evaluation & assessment of compliance to a regulation, law or policy using industry standard methodologies (ISO27001, COBIT, NIST, etc.) in an enterprise environment
Required Qualifications:
INTERNAL TOOLS
• Evaluate, recommend, and implement commercial hardware and software security products to augment and enhance the Company enterprise security program
• Hands-on experience installing, configuring, and supporting security related hardware and software such as Certificate Management, Remote Connection, Network Protection, Data Loss Prevention, File Integrity Monitoring, Security Auditing & Logging, and Vulnerability Management
• Ability to learn a new technology and drive it from ideation through deployment and integration to fully automated and operationalized
• Ability to automate basic integration, data collection, scripting and reporting tasks via secure coding standards
TEAMMATE
• Ability to work on multiple tasks simultaneously, set priorities, communicate delivery expectations, and meet deadlines
• Innovative, collaborative and able to solve problems independently
• Able to work within the team to build measurable, repeatable processes
• Strong verbal and written communication skills
QUALIFICATIONS
• 5+ years of IT infrastructure proficiency and experience that could include one or more of: Encryption, Tokenization, Forensics/eDiscovery, Penetration Testing, Firewalls (OS, WAF), Proxies, Gateways, Routers, VPN, Application Security SAST/DAST, etc.
• 5+ years information security experience preferred
• Proven ability to assess and influence capital project design and delivery decisions
• Proven ability to assess, recommend, deploy and integrate Information Security tools
• Foundational understanding of several enterprise environment technologies
• Working knowledge and experience in multiple ISC2 security domains
• Familiarity with current legal and regulatory requirements around information security and privacy, including PCI, SOX, HIPAA, GLBA, etc
• Ethical Penetration Testing experience preferred
• Available for work in Bellevue, WA (Factoria)
• CISSP Preferred