Security Engineer III
PRIMARY RESPONSIBILITY: Develops, improves, modifies, and assesses security architecture in a hosting-based environment. Conducts technology and system assessments, provides technical consultation, and ensures system security functionality. Responds to all system security weak points and partners with other teams and third-party vendors to resolve security issues.
- KNOWLEDGE/SKILLS/ABILITY: Advance knowledge and experience with ethical hacking, firewall and intrusion detection/prevention technologies, secure coding practices and threat modeling. Advance knowledge and experience of virtualization technologies, Splunk, Windows and Unix/Linux operating systems. Advance knowledge and experience of network and server hardware infrastructures and storage technologies (NAS, SAN). Strong understanding and experience with a minimum of three of the following programming languages: .NET, PHP, Perl, Python, Java, Ruby, C, C++. Experience with designing secure network architectures, identity and access management principles, application security, encryption technologies, DNS, SOA, database and web applications. Self-motivator with strong work ethic. Must have excellent communication skills and the ability to articulate complex scenarios with clear solutions. Excellent analytical, time-management, interpersonal, problem-solving, presentation & planning skills required. Careful attention to detail required. Ability to make appropriate decisions considering the relative costs and benefits of potential actions. Ability to successfully work and promote inclusiveness in small groups. Ability to provide FANATICAL support.
- JOB COMPLEXITY: Leads complex network, server and application security assessments and identifies solutions to enhance or create new business opportunities, integrating multiple technologies at times. Provides technical and systems consultation and actively works with internal clients and technical management to eliminate risk exposures. Provides technical security recommendations to customers based on their security and business needs. Conducts security and vulnerability assessments on new product offerings. Works with system engineers, developers and architects to implement secure coding practices, technical documentation standards, patching guidelines, QA processes, deployment procedures and configuration management. Leads the development of business and system security architectures and risk remediation solutions in order to meet current and future business security needs. Ensures that the computing environments are kept current with service and software update releases and evaluates assessment tools for selection and integration into these environments. Develops and executes security testing plans which may include managing joint efforts with 3rd party vendors. Participates in industry consortium groups and independent research efforts to promote and identify emerging Computing security needs. Must stay current on emerging technologies as well as introducing cost-effective solutions to improve the security quality and performance of existing offerings. Must be capable and willing to train/mentor less experienced security engineers and other staff.
- SUPERVISION: Operates under general supervision.
- EXPERIENCE/EDUCATION: High school diploma or equivalent required. Bachelor's degree or equivalent experience in Business or Computer Science. Minimum of 6-8 years of experience with networking, servers and application security; must have virtualization experience, XEN platform preferred. Demonstrated ability to consistently provide FANATICAL support.
- PHYSICAL DEMANDS: General office environment. High stress may occur at times. May require extended work hours as determined by business needs.
- PERSON SPECIFICATION: Must be able to pass a Public Trust background check at hire. Must be a U.S. Citizen. May require further DOD security clearance.