Security Engineer

D

DATAMAXIS

Security Engineer

Dearborn, MI
Full Time
Paid
  • Responsibilities

    Job Title: Security Operations Lead (Security Engineer)

    Location: Dearborn, MI (3 days in a week onsite)

    Job Summary:

    Application Security Operations:

    • Oversee the operational use and effectiveness of application security tools, Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), and Software Composition Analysis (SCA).
    • Collaborate with development and DevOps teams to integrate security testing into the CI/CD pipeline and ensure vulnerabilities identified by these tools are triaged and remediated effectively.
    • Provide guidance on interpreting scan results and prioritizing remediation efforts for application-level vulnerabilities.
    • Handling container security, ensuring base images are updated

    Cloud Security:

    • In-depth knowledge and hands-on experience with Microsoft Azure security services, specifically Microsoft Defender for Cloud, Entra ID and Azure Sentinel (SIEM/SOAR)
    • Proficiency in assessing and hardening Azure environments, including IaaS, PaaS, and network security configurations.
    • Defining and enforcing policies for Terraform, ARM templates, or Bicep.

    Infrastructure Vulnerability Management:

    • Proactively manage and conduct regular vulnerability assessments and remediation efforts for our infrastructure using Microsoft Defender for Cloud
    • Ensure continuous security posture management for cloud and hybrid environments, identifying misconfigurations and security weaknesses.
    • Work with relevant teams to prioritize and implement recommended security controls and patches identified through Defender for Cloud.

    Minimum Qualifications and Job Requirements:

    • 5 - 8 years Application and/or Infrastructure security experience ISO experience or certification
    • Certifications (one or more highly preferred):
    • CISSP (Certified Information Systems Security Professional)
    • CISM (Certified Information Security Manager)
    • AZ-500 (Microsoft Certified: Azure Security Engineer Associate)
    • CySA+ (CompTIA Cybersecurity Analyst+)
    • CEH (Certified Ethical Hacker)

    Other Responsibilities:

    • Work with Security team on other technical security related issues.
    • Maintain security tools and software
    • Consult with developers on application security
    • Manage security ticketing system