Position Summary:
The Sr. Engineer, Cyber Security is a member of the Security Operations team responsible for building, managing and supporting the security infrastructure that underpins all internal and external user technology services, according to security policies and best practices.
As a member of a team working in complex, big data platforms, the incumbent will face the challenges that go along with those types of environments and be expected to stay abreast of new and upcoming technologies so as to be in a position to suggest improvements to existing implementations. The incumbent will work with other internal and external engineers to ensure that services and solutions are delivered securely and efficiently, advising teams on security designs and decisions, and ensuring adherence to Inmar technical standards.
The incumbent must have a service-oriented mentality, a high sense of ownership of the problems and requests assigned, a focus on managing and resolving issues in alignment with the SLAs, establishing and maintaining communication with technology customers to keep them updated with status of their requests, initiating and performing changes on production systems and proactively escalating any issues that cannot be resolved within the established timeframes.
Primary Accountabilities:
Additional Responsibilities:
Performs other duties as assignedComplies with all policies and standardsRequired Qualifications:
Bachelors of Science Degree in Computer Science, or a Bachelor of Arts Degree in a related technical field, required7-9 years 7+ years of related work experience in security engineering requiredOr any equivalent combination of experience and training/certification that provides the required knowledge, skills, and abilities needed to complete the major responsibilities/essential functions of the position requiredStrong experience in web and mobile application security requiredStrong experience in distributed platform development security and design requiredExperience with industry tools and technologies such as Burp, Metasploit, etc. requiredIn-depth knowledge of web and mobile security standards and best practices (OWASP, etc.)Strong foundation in core information security principles and concepts (HTTPS, TLS, OAuth, etc.)Working knowledge of common languages such as Python, GO, Javascript, Java, etc.Familiarity in public cloud security deployment and implementation issues (AWS, Azure, GCP)Familiarity with audits and standards requirements such ISO 27001, PCI DSS, SOC 1 & 2, etc.Proven expertise in enterprise-grade and web scale security solutionsSecurity and Risk AssessmentAware of Security governance principles and able to apply them to the enterpriseUnderstands the legal and regulatory Issues relevant to the enterprise and does not place the enterprise at risk.Security EngineeringSolid working knowledge of secure design principlesSolid working knowledge of database securitySolid working knowledge of cloud computingSolid working knowledge of CryptographyCommunication and Network SecurityCan explain all layers of the OSI model and what they doUnderstands multi-layer protocolsCan manage and configure switches, routers, firewalls, proxiesUnderstands content distribution networksIdentity and Access ManagementPhysical and logical accessLDAPMulti-factor authenticationSession managementCredential managementSecurity OperationsParticipates in InvestigationsParticipates in operational, criminal, civil, and regulatory investigationsWorks with logging and monitoringPerforms security operations granting permissions based on Need-to-know and least privilegeParticipates in Incident managementManages and configures IDS and IPSSoftware Development SecurityAware of software development lifecyclesAware of what software development methodologies are used in the enterprise and can explain what it meansFamiliar with DevOps conceptsAware of Security vulnerabilities and understands how the following work: Bounds checking, Input/output validation, Buffer overflow, Privilege escalationAware of secure coding practicesUses code repositoriesCISSP Certified Information Systems Security Professional OSCP, GCIH, GXPN, GPEN preferredPhysical Demands
The physical demands described here are representative of those that must be met by an associate to successfully perform the major job responsibilities (essential functions) of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the major job responsibilities. This job description is not intended to be an exhaustive list of all duties, responsibilities, or qualifications associated with the job.
Rarely: Job requires this activity up to 25% of the time
Occasionally: Job requires this activity between 25% - 50% of the time
Frequently: Job requires this activity between 50% - 75% of the time
Constantly: Job requires this activity more than 75% of the time
Individual Competencies
As an Inmar Associate, you:
Put clients first and consistently display a positive attitude and behaviors that demonstrate an awareness and willingness to listen and respond to clients in order to meet their short-term and long-term needs, requirements and exceed their expectations.Treat clients and teammates with courtesy, consideration and tact; you also have the ability to perceive the needs of internal and external clients and communicate effectively with the objective of delighting and retaining the client.Build collaborative relationships and work cooperatively with others, inside and outside the organization, to accomplish objectives, develop and maintain mutually beneficial partnerships, leverage information and achieve results.Set and attain achievable, yet aggressive, goals with a sense of urgency and accountability.Understand that results are important and focus on turning mission into action to achieve results following the principles of Flawless Execution while consistently complying with quality, service and productivity standards to meet deadlines and exceed expectations by giving our clients the best possible outcome.Support a safe work environment by following safety rules and regulations and reporting all safety hazards.We are an Equal Opportunity Employer, including disability/vets.