Information Security Engineer II (Applications)
Previous Job
Previous
Information Security Engineer II (Applications)
Ref No.: 17-09423
Location: Los Angeles, California
Position Type:Contract
Start Date: 10/04/2017
Opportunity Overview
My Client (Major Hollywoord Studio). seeks an Information Security Engineer II (Applications) for the I&CS: Security Ops & IR department.

This position supports my client's Information and Content Security group. The position collaborates with my client. business units, 3rd party vendors and the Security Operations Center. The position plans, coordinates and executes vulnerability testing and reporting on internal and 3rd party systems. This position will plan, coordinate and execute network penetration tests of Intranet and Internet networks. Lastly, this position will plan, coordinate and execute application architecture and engineering reviews to help ensure that new services are secure by design

What part will you play?
  • Responsible for planning, coordinating and executing vulnerability testing and reporting on internal and 3rd party systems.
  • Responsible for planning, coordinating and executing network penetration tests of Intranet and Internet networks.
  • Responsible for planning, coordinating and executing application, web and mobile services as required.
  • Responsible for ongoing remediation tracking and reporting to ensure that identified vulnerability are addressed in a timely and reasonable manner.
  • Responsible for planning, coordinating and executing application architecture and engineering reviews to help ensure that new services are secure by design.

What do we require from you?
  • Bachelor's degree in Computer Information Systems, Computer Science, Engineering or related discipline preferred.
  • One Security certification is required (GSEC, GPEN, GWAPT, OWASP or equivalent are required).
  • CISSP or equivalent preferred.
  • Minimum five (3) years of experience in Information Security.
  • Minimum five (3) years of experience with TCP-based networking.
  • Three (3) years of Unix and Windows system administration preferred.
  • Technical Knowledge/Skills in the following areas is required:
    • Experience with administering vulnerability scanning solutions is required (e.g. Qualys, Nessus, etc.).
    • Experience with Security Risk Management.
    • Understanding of vulnerability management processes and procedures for hosts, web applications, etc.
    • Understanding of common vulnerability exposures and common weakness enumeration.
    • Understanding of commonly used protocols and services is required (e.g. SSL, TCP/UDP, WWW, FTP/SFTP, NTP, Telnet, NFS, SSH, LDAP, etc.).
    • Understanding of networking hardware; routers, switches, and load-balancers.
    • Understanding of network protocols and architecture (TCP/IP, ATM, WAN, Bridges, etc.) is required.
    • Understanding of cryptographic controls for data in transit and data at rest (AES 256, TLS 1.2, etc.) is required.
    • Understanding of virtual networking hardware including VMware vSphere, ESXi 4.x etc.
    • Experience with securing cloud-based solutions (e.g. Amazon AWS, MS Azure, Level 3, Akamai, etc.).
    • Bash, Python, and PERL programming.
  • Other Technical skills that is not required but preferred.
    • Experience with firewalls required (Palo Alto and Cisco preferred).
    • Experience with Security Incident Response.
    • Experience with common SDLC processes.
    • Experience in Linux system administration.
    • Experience with Windows system administration.
    • UNIX and Web development programming.
    • Experience with version control systems.
    • Experience securing remote operating systems and applications.
    • Experience with Intrusion Detection Systems required (SourceFire).
  • Functional Knowledge / Skills in the following areas is required:
    • Experience in three or more information security domains.
    • Experience with OWASP secure application development guidelines.
  • Functional Knowledge / Skills in the following areas is not required but preferred:
    • Experience with media, production and post production digital media systems and services.
    • Experience with on-line and mobile gaming systems.
  • General Knowledge / Skills required:
    • Strong communication and writing skills.
    • Strong client facing demeanor.
    • Must possess the ability to meet deadlines and work with personnel in an efficient manner.
    • Working knowledge of networks and data center standards and procedures.
    • Strong project management skills; including project planning, project design, resource allocation, utilization analysis, etc.
    • Must be able to effectively manage a number of projects and priorities in parallel.
  • Must be able to communicate effectively and tactfully with all levels of personnel, both in person and on the telephone.
  • Must be able to pay close attention to complex detail and understand written and oral instructions.
  • Must be able to organize and schedule work effectively.
  • Must be able to work well under time constraints.
  • Must be able to handle multiple tasks with changing priorities, communicating changes in scope and schedule to all parties concerned.
  • Must be service-oriented.
  • Must be able to work independently.
  • Must be able to work flexible hours.
  • Must be able to maintain confidentiality.
Technologies We Use
  • Experience in Linux system and/or Windows systems administration
  • Understanding of commonly used protocols and services is required (e.g. SSL, TCP/UDP, WWW, FTP/SFTP, NTP, Telnet, NFS, SSH, LDAP, etc.).
  • Understanding of network protocols and architecture such as TCP/IP, ATM, WAN, Bridges, etc
  • Virtual networking hardware including VMware Vsphere, ESXi 4.x is preferred.
  • Cloud-based solutions (e.g. Amazon AWS, MS Azure, Level 3, Akamai, etc.).