Security Engineer


Job ID 18-00142

Industry Computer/IT

Job Type Permanent

Location San Francisco, CA

Description

Job Description:
The Security Engineer coordinates security responses with and trains engineers from other groups within the IT Function such as the MIS team, the NOCC, Network Engineering and the Production Support organization. This role requires availability for off-hour support and travel within the continental Unites States as needed. The primary responsibility of the Security Engineer is information security incident management.

This includes:
Responds to information security incidents in a quick, effective and orderly manner
Monitors systems, alerts and vulnerabilities
Collects evidence for administrative follow-up or legal action
Conducts postmortems, enhancing controls and training others
Analyzes security incidents and reports finding to management

Documents and maintains the following types of procedures:
Recovery procedures that address specific classes of security incidents such as malicious code, denial of service attacks, breaches of confidentiality and internal misuse of information systems
Contingency plans for system recovery that identify the cause of an incident, detail how to contain the threat and identify corrective action for preserving live systems data
Guidance on how to collect forensic evidence for civil or criminal proceedings
Emergency actions and control procedures that will reduce the likelihood of recurrence. Familiarity with Unix/Linux, Windows Active Directory, OWASP, Network protocols and how to secure them.
Familiarity with NetScreen, Palo Alto, Checkpoint or other Firewall technologies, various IDS/IPS and SEIM systems. Experience implementing information security controls
Knowledge of other Security systems such as DLP, Application scanning, or Vulnerability assessment.
Demonstrated flexibility in approach and in developing solutions
Demonstrated ability to work independently as well as a member of a team
Demonstrated analytical skill, technical knowledge and practical application of information security at a business aware and technical level
Ability to explain complex IT concepts in non-technical terms
Demonstrated flexibility in approach and in developing solutions
Experience in the Financial Services industry and solid understating of SOX, PCI and SDP compliance requirement
Take charge personality, and the ability to drive a plan to completion
CISSP certification is highly desirable. Other industry standard certifications such as MCSE, CCSE, CCNA, CEH, Security+ or SANS also desirable.



Qualifications

Experience / Education:
Bachelor's Degree (B.S.) in Computer Science or equivalent job experience
Minimum 3 years security experience in implementing security solutions and processes
Minimum 5 years' experience of implementation and maintenance some of the following IT systems, with a security focus; Windows 2008, 2012 server, Remote Access solutions, SSL/IPSEC VPN services, border routers security, firewalls, IP/VoIP network, DNS, WINS, IP network, TCP/IP, SSL certificates and Intrusion Detection System (IDS), IDS Alerts, and IDS signature upgrades, local and wide area networks

CANDIDATE DETAILS
2+ to 5 years' experience
Seniority Level - Associate
Management Experience Required - No
Minimum Education - Bachelor's Degree
Willingness to Travel - Occasionally