Sr. Security Engineer
Location: Novato, CA (20 minutes North of San Francisco; relocation assistance provided)
Salary: $140-170K DOE + 10-15% Annual Bonus
Position is available as a Contract and Contract to Hire
100% Remote work is not available
1-2 days telecommute is an option
An extremely successful publicly traded international company that is a leader in the industry is looking for a Sr. Security Engineer. The company has been in business for 12+ years, is public, earns $30+ million in net income, has cash reserves, is NOT VC funded, is cash flow positive, has 2400+ international employees and has over 100 million active global users. The company develops extremely high volume online and interactive web based products.
The Sr. Security Engineer will join and assist the Security Operations Center Manager and Sr. Security Architect in the ground up design, build out, evolution and management of a World Class Security Operations Center. The first order of business for this position will be the design, configuration, implementation and utilization of a formal Incident Response System and a SIEM System. The company is currently using Splunk and Imperva for Incident Response and SIEM respectively. Note that the systems are in a rudimentary stage and the Security Operations Center Manager and Sr. Security Architect are not locked in on these tools. The Sr. Security Engineer will, at the minimum, have an extensive understanding and solid professional experience with Incident Response Systems and SIEM systems; regardless of specific security tools. The Sr. Security Engineer will be responsible for receiving security alerts, identify attacks via Splunk or Imperva, investigating the security issue, determine impact of attack, plot remediation course (install ACL’s, take steps to stop or shut down attack, remove malware, etc.), identify gaps in coverage and create security solutions to fill gaps. Once the Incident Response and SIEM systems a fully operations, the Sr. Security Engineer will work with the Security Operations Center Manager in researching, evaluating, creating POC’s, testing in lab environment and implementing the appropriate IDS/IPS, Vulnerability Management Systems, Web Application Scanning and DLP/DLS’s based on the Sr. Security Engineer’s and SOC Manager’s expertise in the field and the current environment and collaboration with the Sr. Security Architect.
Plan and execute regular incident response and postmortem exercises
Manage security event investigations, partnering with other departments as needed
Create, implement and continually evaluate and update SOC policies and procedures as appropriate
Develop metrics and scorecards to measure risk to the organization, as well as effectiveness and efficiency of SOC analysts
The Sr. Security Engineer will report to the Security Operations Center Manager
Please note that the Hiring Security Operations Center Manager and Director of Security understand that a Sr. Security Engineer will not have experience with all of the above security tools and responsibilities. Expertise with Incident Response OR SIEM systems is mandatory.
The company offers matching 401K, full benefits (PPO & HMO) including medical, dental and vision, paid vacation and paid holidays, Short and Long Term Disability, Life Insurance, Employee Assistance Program, fitness reimbursement program, free onsite gym, free espressos and snacks, casual dress, paid parking (or public transportation subsidization) and flexible work hours that all start upon employment.
Must have 4-5+ years of Information Security Engineering experience
MUST have significant experience with either Incident Response Systems OR SIEM Systems (Splunk, IBM’s QRadar, HP’s ArcSight, LogRythym, AlienVault, Nitro, Imperva, etc)
Experience performing event monitoring, packet analysis, log analysis, etc
Experience performing Security Remediation
The following are only a Plus (NOT mandatory):
Experience with the ground up design, configuration and implementation of a formal Incident Response System or SIEM System a plus (including processes, procedures, investigations of incidents/security breaches/hacks and resolutions).
Experience designing and building out or working within a formal SOC is a plus
Understanding of OWASP
Cross-site scripting / XSS: understanding of what types of web attacks exist
Any experience with any of the following security tools only a plus, not mandatory:
- Network: Palo Alto Threat Platform (ability to get around the GUI, perform queries)
- IDS/IPS: Cisco, Sourcefire, Snort, Palo Alto, Qualys, etc.
- Vulnerability Management: Qualys, Nessus/Tenable, Nexpose, etc.
- Web Application Scanning: IBM’s AppScan, HP WebInspect, W3AF, BurpSuite, QualysGuard WAS, NetSparker, etc.
- DDoS: Arbor Networks, Prolexic
- Penetration Testing
- AntiMalware: Malwarebytes’ Anti-malware, McAfee, ClamAV, ViruTotal
- GRC: governance, risk and compliance (GRC): MetricStream, ARIS, IntelligenceBank, Resolver, BP Logix, etc.
Any experience designing and architecting security systems
Global security experience
Any Security experience in a high volume highly interactive web based environment is a big plus
Any experience with anti-virus, firewalls, Active Directory, web proxies, DDoS mitigation strategies and solutions, Linux / Windows operation systems, TCP/IP, packet analysis tools (Wireshark, etc.), databases and web applications /servers
Any experience with or knowledge of Security and privacy regulations
Certified Information Security Professional (CISSP) or equivalent certification is a plus
CISO, CISM, CPP, GIAC, ISSO, CPP, GCIA, GCIH, CEH, CPSSE, ECSP, GSSP
BS and/or MS in Computer Science or a related degree