Please see below a new job description I’m recruiting for in Carlsbad or Menlo Park, CA. We are looking for a security engineer to take point on managing day-to-day information security for the company and for their commercial SaaS application. Let me know if this is something you are interested in or know someone who is.
Plan, implement and upgrade security measures and controls
Protect digital files and information systems against unauthorized access, modification or destruction.
Maintain data and monitor security access
Conduct internal and external security audits
Manage network, intrusion detection and prevention systems
Analyze security breaches to determine their root cause
Recommend and install appropriate tools and countermeasures
Define, implement and maintain corporate security policies
Security awareness training
Coordinate security plans with outside vendors.
Implement a tools-driven and highly automated approach to deliver our key security management processes by exploiting investment in existing tooling and/or identifying new tooling (e.g. Chef, Splunk).
Work closely with product and platform teams to engineer and implement cloud security controls with a focus on DevSecOps
Build security utilities and tools for internal use that enable you and your fellow Security Engineers to operate at high speed and wide scale.
Required Knowledge and Skills:
At least 3 years architecting and developing AWS-based applications, covering solution design and development and the security of access endpoints, data and infrastructure in the cloud, with strong EC2, IAM, KMS, HSM, S3, CloudWatch and CloudTrail knowledge.
Penetration testing of applications and infrastructure – a good way to find vulnerabilities before attackers do
Social engineering – given that humans are the weakest link in the security chain, an analyst’s expertise can help with awareness training
Vulnerability and risk assessment – important components of risk management
Security assessments of network infrastructure, hosts and applications – another element of risk management
Forensics – investigation and analysis of how and why a breach or other compromise occurred
Troubleshooting – the skill to recognize the cause of a problem
DLP, AV and anti-malware – an understanding of the tools used to protect the organization
TCP/IP, computer networking, routing and switching – an understanding of the fundamentals: the language, protocol and functioning of the internet
ISO27001 assessment – specifications for a framework of policies and procedures that include all legal, physical and technical controls involved in an organization’s risk management
C, C++, C#, Java or PHP programming languages – you can’t analyze what you don’t understand
Cloud computing – the risks and benefits of using a vendor’s remote servers to store, manage and process an organization’s data
Linux operating systems…
The ability to work well independently or with a team
Capable of meeting deadlines and budgets
Strong oral, written, and presentation abilities – able to convey risk to all levels of the business, from C-level executives to operations and development teams
Certified Information Systems Security Professional (CISSP)
Certified Information Security Manager (CISM)
Certified Information Systems Auditor (CISA)
Certified in Risk and Information Systems Control
Certified Ethical Hacker
Global Information Assurance Certification
Vendor credentials offered by companies such as Microsoft and Cisco
You’ll do even better with:
Identity and access management (IAM) solutions – prevention of unauthorized access by internal or external staff
Endpoint protection technologies and techniques
Web application firewalls and intrusion prevention
Access control methodologies (MAC, DAC, RBAC)
IDS/IPS systems, SIEM tools and network scanners