Position: Security Engineer
Location : San Francisco, CA
Type Of Hire : Contract
Duration : 12+ Months
Required: GC/USC/EAD
Job Description
Summary:
- The Security Engineer coordinates security responses with and trains engineers from other groups within the IT Function such as the MIS team, the NOCC, Network Engineering and the Production Support organization.
- This role requires availability for off-hour support and travel within the continental Unites States as needed.
Job Responsibilities:
The primary responsibility of the Security Engineer is information security incident management. This includes:
Responds to information security incidents in a quick, effective and orderly manner
Monitors systems, alerts and vulnerabilities
Collects evidence for administrative follow-up or legal action
Conducts postmortems, enhancing controls and training others
Analyzes security incidents and reports finding to management
Documents and maintains the following types of procedures:
Recovery procedures that address specific classes of security incidents such as malicious code, denial of service attacks, breaches of confidentiality and internal misuse of information systems
Contingency plans for system recovery that identify the cause of an incident, detail how to contain the threat and identify corrective action for preserving live systems data
Guidance on how to collect forensic evidence for civil or criminal proceedings
Emergency actions and control procedures that will reduce the likelihood of recurrence
Qualifications:
Familiarity with Unix/Linux, Windows Active Directory, OWASP, Network protocols and how to secure them.
Familiarity with Net screen, Palo Alto, Checkpoint or other Firewall technologies, various IDS/IPS and SEIM systems. Experience implementing information security controls
Knowledge of other Security systems such as DLP, Application scanning, or Vulnerability assessment.
Demonstrated flexibility in approach and in developing solutions
Demonstrated ability to work independently as well as a member of a team
Demonstrated analytical skill, technical knowledge and practical application of information security at a business aware and technical level
Ability to explain complex IT concepts in non-technical terms
Demonstrated flexibility in approach and in developing solutions
Experience in the Financial Services industry and solid understating of SOX, PCI and SDP compliance requirement
Take charge personality, and the ability to drive a plan to completion
CISSP certification is highly desirable. Other industry standard certifications such as MCSE, CCSE, CCNA, CEH, Security+ or SANS also desirable.
Experience / Education:
Bachelor's degree (B.S.) in Computer Science or equivalent job experience
Minimum 3 years security experience in implementing security solutions and processes
Minimum 5 years’ experience of implementation and maintenance some of the following IT systems, with a security focus; Windows 2008, 2012 server, Remote Access solutions, SSL/IPSEC VPN services, border routers security, firewalls, IP/VoIP network, DNS, WINS, IP network, TCP/IP, SSL certificates and Intrusion Detection System (IDS), IDS Alerts, and IDS signature upgrades, local and wide area networks
Physical Demands and Work Environment:
Representative of those that must be met by an employee to successfully perform the essential functions of this job. Must be able to operate a PC and sit for extended periods of time. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Ankur Bhatnagar
Senior IT Recruiter
Nora Logic Inc.