Lead Information Security Engineer

Designs, develops, modifies, adapts and implements short- and long-term solutions to support information technology (IT) needs for new and existing applications, systems architecture, network systems and applications infrastructure. Reviews system requirements and business processes; codes, tests, debugs and architects on premise and cloud-based software solutions. Performs penetration testing, Red Teaming and Risk assessments for cloud-based and on-premise systems.

• Serves as Information Security primary point of contact for a Google cloud-based technology project 
• Designs, develops, implements, and solves problems with various information systems security software ensuring resolution. 
• Tests, and validates solutions to remediate exploitable conditions on applications. 
• Evaluates software fixes (patches) to address sophisticated system vulnerabilities such as malicious code (e.g., viruses), system exploitation using SQL injection, cross-site scripting, buffer overflows, parameter tampering, hidden field manipulation, cookie poisoning, and Web services manipulation. 
• Conducts security assessments of complex systems, networks and applications using penetration tests and ethical hacking tools and risk assessment/mediation methodologies to evaluate vulnerabilities.  Prepares status reports on security matters to develop security risk analysis scenarios and response procedures. 
• Reviews security designs for complex environments. 
• Displays technical knowledge and expertise, in addition to a thorough understanding of the industry, when examining security issues, techniques and implications across multiple computing platforms and of varying complexity.  
• Supports regulatory compliance initiatives related to the industry regulation 
• Works with teams across the organizations involved in the project to deliver information security related tasks

• Education Required:  Degree qualified in Computers Science, Information Systems or other related discipline, or equivalent work experience.    
• Experience Required:  At least 10 years
• Special Qualifications: Has completed one or more of the following Certifications and/or Professionalization status: MCSE certification; GIAC, GSEC, GCFW, GCIA, GCIH, GISO, GSNA, GCFA, GSLC; GPEN, CISA, CISSP, CCSP certifications.
• Experience with application security tools in areas of DAST, SAST, Web Application Penetration Testing.

Come as You Are

Nasdaq is an equal opportunity employer. We positively encourage applications from suitably qualified and eligible candidates regardless of age, color, disability, national origin, ancestry, race, religion, gender, sexual orientation, gender identity and/or expression, veteran status, genetic information, or any other status protected by applicable law.

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request an accommodation.