Sr. Application Security Engineer
We are seeking a Sr. Security Engineer for a permanent position with our client in Addison, IL. Please send qualified resumes to mary.abraham at harveynashusa.com.
Sr. Security Engineer plays a key role in completing our mission every day by ensuring that the company deploys new infrastructure and technologies in a safe and secure manner. Reporting directly to Director of Information Security, the Senior Engineer takes charge of the selection and deployment of world-class cyber security tools. The Senior Engineer also acts as the chief evangelist for cyber security throughout Information Technology, consulting with the applications development and infrastructure teams on secure systems and applications design.
- Data preparation and gathering for audits – Works closely with infrastructure and engineering team in technology to gather information and the appropriate business units to compile all documentation and reporting as required.
- 5 to 10 years of experience working in technology and development with a specialty in security in a complex environment, focusing on protection of intellectual property and sensitive data.
- Strong knowledge of network and web application exploitation, ethical hacking, penetration testing, computer forensics and tool development
- Cloud Security experience (AWS, O365)
- Advanced experience with security technologies including Intrusion Detection & Prevention Systems (IDS/IPS), Firewalls & Log Analysis, SIEM, Network Behavior Analysis tools, Antivirus, and Network Packet Analyzers, and Malware analysis and forensics tools
- Strong knowledge of vulnerability assessment, scanning and tools
- Experience with software application best practices (e.g. OWASP, CWE/SANS)
- Experience creating and maintaining security policies and standards
- Working knowledge of security best practices and standards such as ISO27001, ISO27002, PCI-DSS
- Ability to think logically and analyze security requirements and convert them to accurate security plans to mitigate risk
- Analyzes relevant cyber security event data for attack indicators and breaches that may yield detection/prevention content
- Ability to effectively manage multiple concurrent priorities and meet deadlines within a dynamic, fast paced and challenging environment
- Strong interpersonal and communication skills
- Demonstrate the ability to clearly articulate complex technical scenarios to a non-technical audience
Technology Used: WAF, Static Code analysis, Qualys, Whitehat, AWS, Internet Secure Gateway, Checkmarx, DLP