JOB DESCRIPTION:
Lead security initiatives, providing strategic direction and guidance to the security team. Collaborate with cross-functional teams to develop and implement comprehensive security strategies aligned with business objectives. Mentor and coach junior security engineers, fostering a culture of continuous learning and development. Conduct regular security assessments and audits to identify potential vulnerabilities and risks. Develop and maintain risk management frameworks and processes to proactively address security threats. Provide recommendations and guidance to mitigate risks and enhance security posture. Design, implement, and maintain robust security architecture for networks, systems, and applications. Evaluate new technologies and solutions to ensure compliance with security standards and best practices. Collaborate with development teams to integrate security controls into the software development lifecycle. Lead the development and execution of a comprehensive penetration testing program. Design and oversee penetration testing exercises to identify vulnerabilities and assess the effectiveness of security controls. Coordinate with internal teams and external vendors to conduct penetration tests on a regular basis. Lead incident response activities, including investigation, analysis, and resolution of security incidents. Develop and implement incident response plans and procedures to minimize impact and restore normal operations. Conduct post-incident reviews and lessons learned sessions to improve incident response capabilities. Perform other duties as needed.REQUIREMENTS:
Bachelor’s degree or foreign equivalent in Computer Science, Computer Engineering, Information Systems, or a related field required.3 years of experience in job offered or related occupations required.Also required is: 3 years of experience: deploying and administering web applications in a cloud environment including authoring of cloud formation templates, automated pipelines, and general infrastructure as code; managing web-based security tools in a cloud environment; utilizing common security libraries, security controls, and common security flaws to identify potential vulnerabilities, forms of mitigation, and protection against exploits; using Python to perform extract, transform, and load tasks to manage vulnerability information; utilizing OWASP, static/dynamic analysis, and common security tools to assist development teams as part of a secure development lifecycle; using network and web related protocols including TCP/IP, UDP, HTTP, HTTPS, and protocols to assist development teams as part of a secure development lifecycle; and working with developers to assist development teams as part of a secure development lifecycle.Employee reports to LexisNexis USA office in Raleigh, NC but may telecommute from any location within the U.S.Experience can be concurrent.#LI-DNI
#IND-DNS
#ICT
LexisNexis, a division of RELX, is an equal opportunity employer: qualified applicants are considered for and treated during employment without regard to race, color, creed, religion, sex, national origin, citizenship status, disability status, protected veteran status, age, marital status, sexual orientation, gender identity, genetic information, or any other characteristic protected by law. We are committed to providing a fair and accessible hiring process. If you have a disability or other need that requires accommodation or adjustment, please let us know by completing our Applicant Request Support Form: https://forms.office.com/r/eVgFxjLmAK , or please contact 1-855-833-5120.
Please read our Candidate Privacy Policy.