Tuesday, September 1, 2015

Sr. Information Security Eng. (WAF)

Monterey Park, CA
Salary:  Base plus bonus
Title:  Sr. Information Security Engineer/WAF

This is an AVP position in Monterey Park.  Candidate MUST HAVE WAF (Web Application Firewall) experience. 
This position is basically analyzing threats. 
On-Site role- Must sit in CA. 
Please reach out to me ASAP if interested!


This is an experienced Information Security position with the task of developing, testing, documenting, and implementing information security controls and solutions. Role enforces security strategies and supports existing systems in accordance with established policies, standards, guidelines and procedures. Develops/defines the security standards for new/existing security controls. This position requires working knowledge of: large-enterprise data networking, wireless network security, firewalls, web proxies, secure remote access solutions, data-loss prevention, two-factor authentication, vulnerability assessment, and configuration compliance.

Sr. Information Security Eng. (WAF)
This is an experienced Information Security position with the task of designing, developing, testing, documenting, and implementing information security controls and solutions. Role enforces security strategies and supports existing systems in accordance with established policies, standards, guidelines and procedures. Develops and defines the security standards for new/existing security controls. Investigates and resolves security incidents and recommends enhancements to improve security. Evaluate and test hardware, firmware and software for possible impact on system security, and participate in the investigation and resolution of security incidents. Develop and manage web application security through Web Application Firewall policies, incident monitoring, system/application vulnerability assessment scan findings, and risk assessment reviews. This position requires working knowledge of: large-enterprise data
networking, wireless network security, firewalls, web proxies, secure remote access solutions, data-loss prevention, two-factor authentication, vulnerability assessment, and configuration compliance.


General Job scope:
• Performs work that is complex and varied in nature. Defines and discerns key aspects of a problem and develops an integrated solution within a broad technical and business context of significant impact.
• May provide guidance/training to more junior staff.
Assignment in Information Security Engineering:
• Recommends secure and effective solutions for system/application development in compliance with Information Security processes and concepts for applicable systems and software
• Understands business objectives and provides direction based on best practices, risk, Corporate Policy, and association and regulatory guidelines
• Leads enterprise-wide definition, establishment and maintenance of data security-related infrastructure, applications and processes
• Good communication skills with engineers and senior management, both orally and written
• Provide accurate and timely reporting on all project deliverables
• Conduct security reviews of core security infrastructure & online applications
• Reviews circumstances surrounding data security incidents and designs corrective actions.
• Develops and maintains Web Application Firewall system, policies and security design documentation
• Manage WAF Incidents and work with development teams to resolve application issues identified by WAF incidents
• Monitors, analyzes, and tunes the WAF policies through incident monitoring and analysis
• Works with application development and internal delivery teams to integrate and improve web application with WAF policies and controls
• Produce service levels consistent with current business needs and future requirements
• Consults on incident handling process which includes implementation of containment, protection • Tracks remediation of system/application vulnerability assessment scan findings and risk assessment reviews as required
• Documents security policies and procedures
• Candidate will be expected to participate in an on-call rotation
• Develops and produce monthly metrics; key performance and key risk indicators.
• Keeps abreast of changes with the industry. Researches and analyzes emerging threats and recommends best-practices for mitigating threats.
• Makes recommendations for continuous improvement to Bank’s security program. 

Erica Chacon
Sr. IT Recruiter
Phone: 646-300-7030