Job Title : Information Security Engineer
Location : Media, PA
Duration : 6 Months contract
In consultation with the Information Security, Development and Infrastructure teams, the Security Engineer Contractor will help integrate information security requirements and controls as captured in security policies, standards and best practices into current and future architectures and designs. The Security Engineer will help in detecting and addressing (reactively and proactively) risks and vulnerabilities in Customer’s IT landscape. Play a key role in driving the evolution of Customer’s technical architectures and IT operations and ensure that security controls are embedded throughout future designs and plans.
1. Engineer and implement security measures for the protection of computer systems, networks and information.
2. Maintain awareness of information security policies, standards and requirements. Stay current on information security trends and risks.
3. Drive identification and definition of system security requirements.
4. Develop and document cloud, automation, and API security requirements.
5. Analyze, design, develop, and continually evolve modern software-defined infrastructure and application patterns.
6. Analyze cloud architecture and application vulnerabilities using cloud-native tools.
7. Continuously evaluate the organization's existing cloud infrastructure security practices and help to define, standardize and measure security-related activities.
8. Support cloud certification activities such as system hardening, vulnerability testing and scanning.
9. Work closely with development, infrastructure and information security teams in an agile workflow to promote and mature DevOps methodologies.
10. Design computer security architecture and develop detailed cyber security designs (network, applications, software development, operating system, virtualization, cloud, automation, etc) with input from various stakeholders (Information Security, IT, etc) while working in a hybrid cloud/traditional data center environment.
11. Prepare and document designs, architectures, configuration standards, standard operating procedures and protocols.
12. Act as an advisor to internal teams enabling them to build and design products securely and efficiently.
13. Develop technical solutions to help mitigate security vulnerabilities and automate repeatable tasks to reduce the risk of fraud, abuse and misuse.
14. Communicate technical application security concepts to employees, including developers, architects, and managers.
15. Assess the security posture, develop risk profiles, specify security requirements, and identify mitigation measures to safeguard public facing Web applications.
16. Streamline usage of security technologies in a dynamic environment through automation and orchestration platforms.
1. Ability to work well individually as well as in a team environment
2. Excellent oral and written communication skills, including documentation skills specifically with the drafting and updating of process and procedures.
3. Excellent customer service and interpersonal skills
4. Ability to work with little or no supervision
5. Detail oriented and strong organizational skills
6. Strong analytical and problem-solving skills
7. Ability to handle multiple projects simultaneously and independently
8. Proven self-starter with demonstrated ability to make decisions
9. Ability to learn new technologies quickly and independently
1. Bachelor’s degree in Information Technology or a technical discipline (e.g., engineering) preferred, or technical certifications, or related experience
2. Certified in one or more of the following preferred: CISSP, CISA, CISM, CEH, technology specific (proxy, data loss prevention, firewall, etc).
3. Minimum of 7+ years working in Information Technology Security.
4. Working knowledge of information security concepts and technologies such as: least privilege, networking, network segmentation, firewalls, IPS\IDS, network analyzers, encryption technologies, proxies, etc.
5. Proven work experience as a system engineer or system security engineer
6. Familiarity with web related technologies (Web applications, Web Services, Service Oriented Architectures) and of network/web related protocols
7. Cloud security (AWS - Azure) architecture, environment, and WAF experience
8. Experience with container management and containerization technology.
9. Experience on Authentication, Single Sign-On Infrastructure (AD, Azure AD, VDS, Ping Federate); Experience implementing multi-factor authentication, single sign-on, identity management or related technologies
10. Extensive experience on authentication and authorization strategies using SAML/OpenID/OAuth;
11. Extensive experience in usage related Identity & Access Management & defining standards around data at & data in transit - encryption, authorization, authentication, and security mechanisms, especially the foundational elements of the Public Key Infrastructure.
12. Experience in building and maintaining security controls
13. Detailed technical knowledge of application, network, database and operating system security
14. Hands on experience in security systems, controls and concepts
15. Experience with network security and networking technologies
16. Working knowledge of sub netting, DNS, encryption technologies and standards, VPNs, VLANs, VoIP and other network routing methods
17. Network and web related protocols (TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols, etc.)
18. Advanced Persistent Threats (APT), phishing and social engineering, network access controllers (NAC), gateway anti-malware and enhanced authentication
19. Thorough understanding of the latest security principles, techniques, and protocols
IDC Technologies, Inc
Mail to : abhishek.singh@