Senior Security Engineer

Job Title: Senior Security Engineer

Location: Any India based remote or Ensono office location

Job Function Overview:

The Senior Security Engineer is an individual with a strong background in information security technologies and processes. The Senior Security Engineer, under the direction of the Security Engineering Senior Manager, will be part of an expanding team responsible for engineering security solutions for a global managed service provider. The Senior Security Engineer will participate in evaluating, developing, implementing, and maintaining security tools, standards, procedures and guidelines for multiple platforms and diverse system environments. The Senior Security Engineer will need to be able to ensure that the solution aligns with architectural and business models to achieve optimal solutions for Ensono and its clients.
 

This individual will have the opportunity to enhance their technical abilities while working across a variety of security technologies to include but not limited to vulnerability management, data loss prevention, intrusion detection/prevention, log management and security incident & event management, and firewalls. This position serves as a senior security professional and is responsible for owning and driving security projects and solutions to meet internal and customer security and compliance needs.

Able to work in US business hours (India evening shift). After-hours and/or on-call duty may be required.

Responsibilities include:

• Strong technical writing skills to include the ability to provide clearly written and detailed reports on projects for communication to leaders
• The design, implementation, and administration of information security solutions
• Support internal and customer auditing requirements
• Create internal and customer facing security architectures, standards, and procedures
• Align procedures, processes, and security tools to support a single global cybersecurity model
• Provide guidance to and mentorship to other Engineers and the Security Operations Center
• Lead incident response as necessary per the Ensono Incident Response Plan
• Evaluate, test, and implement security application upgrades and patches
• Provide consultative advice on threats and vulnerabilities
• Interact with other teams to create, maintain, and implement security hardening standards
• Design and maintain systems to comply with compliance standards such as SOC, PCI-DSS, etc.
• Perform or assist with penetration testing activities
• Review and approve architectures, applications, and networks using security best practices
• Provide recommendations and assist with the creation of security product roadmaps
• Consult with product owners to ensure alignment of solutions to security product offerings

Knowledge and skills:

• 10 or more years of full-time experience in an information security position

• Ability to lead or manage multiple security engineering projects simultaneously

• Cloud security solutions such as Microsoft 365 Defender, Security as a Service implementations
• Knowledgeable of network and cloud architecture concepts to include virtual firewalls and containers
• Exceptional understanding of TCP/IP based networks, DNS, firewalls, encryption, security concepts, common attack vectors/types
• Good understanding of malware classification, entry vectors and propagation channels
• Experience with digital forensics, penetration testing, or leading Red-Blue Team activities
• Strong knowledge or experience with network anomaly detection tools
• Experience with vulnerability scanning tools and experience evaluating vulnerability risks
• Experience with developing or implementing APIs across security toolsets
• Experience working with 3rd party auditors and compliances such as for PCI-DSS, SSAE SOC1/SOC2, and/or ISO270001
• Experience with security incident response in a large enterprise environment
• Experience with scripting such as VBScript, PowerShell, or Python
• Experience in creating clear and robust security standards, procedures, and metric reporting
• Anti-malware applications
• Significant knowledge or experience with SIEM architecture, implementation, and tuning
• Host and network based IDPS applications
• Security auditing and forensics tools (Metasploit)
• Experience in creating and implementing system hardening standards across the enterprise
• Certificate management applications
• Web application gateways
• Self-driven in learning new security frameworks and technologies
• Managed Security Service Provider (MSSP) experience desired
• Strong communication skills with the ability to lead through influencing and collaboration

Education:

• Security certifications such as CISSP, CISA, CISM, CEH, SANS GIAC
• Bachelor’s degree in information security or a related field of study