Previous Job
Previous
Data and Application Security Engineer
Ref No.: 18-00085
Location: Sunnyvale, California
Position Type:Contract
Start Date: 08/14/2018
Job Title: Data and Application Security Engineer (3 Positions)
Location: Sunnyvale, CA
Duration: 24 Months

 
Must have LinkedIn profile
CISSP certification is a must

We are looking 3 Senior data and application security engineer to implement the product security initiatives and to meet the fedRAMP compliance.

Job Description:
  • Find the best ways to identify security issues, risks and incidents and suggest improvements and create automation as needed to detect and mitigate those risks
  • Designs vulnerability testing processes and security breach mitigation tactics
  • Develop and interpret security policies and procedures.
  • Develop and implement the data encryption program to protect the sensitive information and other security products and procedures
  • Develop or implement open-source/third-party tools to assist in detection, prevention and analysis of security threats
  • Develop and deliver training materials and perform general security awareness and specific security technology training
  • Evaluate and recommend new and emerging security products and technologies
  • Work within the team to design, develop, deploy and operate security technologies and solve challenges around events, alerts, monitoring, intrusion detection, vulnerability detection and tracking, file integrity monitoring and other similar technologies and challenges at cloud scale
  • Find the best ways to monitor and automate the security on/in multiple non-production, production environments to achieve available, reliable, stable, consistency and most importantly secure services that we offer to our customers 
  • Be able to analyze the security problems, and engineer solutions that are reproducible
  • Identify improvements to and as needed write scripts to automate security technologies to improve our ability to implement in cloud-based infrastructure (new environments, re-deployments, updates, and upgrades). Ideally using Python or Ruby or Power shell, etc.)
  • Research, document and solve complex security problems. These could include developing an encryption key management (PKI using reputable public sources), testing and deploying DLP, Creating a API automation, etc...
  • Configuration of Windows and Linux host-based security as well as network and cloud-based security systems
  • Assisting with the installation and configuration of network security architectures, including firewalls, Demilitarized Zones (DMZ), router ACLs (Access Control Lists), and web content filters
Required experiences and skills:
  • Strong technical skills and the ability to learn and continue to maintain cutting edge skills and knowledge on a variety of technical areas (Unix/Linux, Application Security, Data security, Vulnerability Management, Incident Management, etc...)
  • At least 5+ years in a relevant technology field with at least two years being in a technical security engineer role with the ability to demonstrate and produce examples of your relevant work
  • Offensive security and penetration testing experience (Metasploit, Meterpreter, Websploit, Nmap, Nessus, Burp Suite, SSL Strip, Websploit, Penetration Testing, Brute Force)
  • Hands on experience in security implementation techniques and development of security test tools for portals, APIs and cloud-based applications
  • Knowledge and Specific Information Security related experience including encryption, IDS/IPS, Firewalls, SEIMs and Log Management, syslog analysis, web related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols) and vulnerability assessment including analyzing the request/response
  • Knowledge of security vulnerabilities and remediation techniques, including red team operations, development of exploits and incident response
  • Strong understanding of endpoint security solutions to include File Integrity Monitoring and Data encryption, protection and loss Prevention
  • Experience and understanding of engineering processes, especially SDLC
  • Certified Information Systems Security Professional (CISSP)
  • Effective communication; in both written and oral communication.
  • Be able to break down complex topics and be able to educate others on security concepts
  • Ability to collaborate effectively with others and the ability to multi-task and work on multiple projects concurrently
  • Demonstrate high energy and a sense of urgency and work within potentially compressed time frames
  • Strong analytical and logistical skills with equally strong attention to details
  • Experience developing best practices and written documentation for all existing security implementations and technology.
 
Founded in 2007, InterSources Inc is an Small Business Enterprise, Minority Business Enterprise & Women Owned Small Business certified Company specializing in providing IT Consulting, IT Staffing solutions and Software solutions. We have been recipients of Various Awards under "Fastest Growing IT Consulting and Software Company " and "Excellence in Technology Services