LOOKINGGLASS CYBER SOLUTIONS is seeking to hire a Security Engineer who will help protect the corporate and live production data center environments. This role will help select, engineer, and operate security technologies and processes that protect the organization’s infrastructure and secure highly sensitive data against internal and external threats.
We are looking for a capable system security engineer/analyst, who enjoys security work and possesses both deep and broad expertise in the security space.
Qualified candidates will have a background in security or systems engineering. As such, you will be responding to and coordinating security incidents as they arise, ranging across networking, systems (Linux or Windows), Macintosh, and/or hosted web solutions. You will provide technical security guidance across the organization, including threat modeling, risk assessments, deriving and decomposing customer security requirements, participating in compliance and accreditation efforts as required, and developing security policies and processes within the organization.
The chosen candidate will need to be self-driven and able to work in small distributed teams. Since we are a small team, you will need a firm understanding of overall technology so you can advise on how to properly secure or mitigate it.
Key Responsibilities include:
- Identify security risks and develop compensating controls or solution alternatives to minimize risks;
- Provide expertise in the operation and maintenance of security tools for the protection of computer systems, networks and information;
- Ensure the confidentiality and integrity of our corporate and customer data;
- Provide security expertise by identifying weaknesses in capabilities as well as generating gap analysis / road maps;
- Complete, deliver, and maintain compliance documentation for internal and external users;
- Engage with developers working in scrum / agile processes to ensure the secure development of our products;
- Assist in completing customer and third-party questionnaires for contractual or audit/compliance purposes;
- Train both technical and non-technical users on how to apply security best practices;
- Support Security’s effort in maintaining SOC2 Type II compliance along with other industry accreditations such as DFARS CMMC, ISO27001, etc.
- Prepare and document security requirements, policies and procedures
- Use and manage vulnerability scanners such as Tenable, Acunetix, Burp Suite, etc.
- Use and manage LogRhythm SIEM for analysis and event correlation.
- Work with third-party pen testers and consultants to maintain compliance across our product portfolio.
- The ability to articulate and apply security engineering life cycle management to complex projects;
- Experience architecting, implementing, and running security tools such as: IPS/IDS, HIDS, Vuln Scanner, AV, DLP, SIEM;
- Experience with requirements to harden core infrastructure to industry best practices: AD / LDAP, DNS, NTP and SSH;
- Familiarity with SOC2 Type II, NIST 800-53, NIST 800-171 guidelines and controls, and/or DFARS CMMC requirements;
- Experience with a SIEM is a plus (preferably LogRhythm): creating alarms, monitoring traffic, troubleshooting, engineering, correlating events, etc.
- Hands-on experience in security systems, including intrusion detection systems, anti-virus software, log management, content filtering, etc.
- Familiarity and understanding of networking technologies and protocols;
- Thorough understanding of the latest security principles, techniques, and protocols;
- Problem solving skills and ability to work under pressure in a small team
- Able to execute tasks through to completion
Education / Training Requirements:
- Minimum 3 years of experience in a cyber security engineer or analyst position;
- BS in computer science or a technical discipline, or relevant experience;
- CISSP, Security+, C|EH, GCFE and other certifications are a plus.