Contractor Security Engineer

You will:

• Plan, implement, upgrade, or monitor security measures for the protection of systems, networks, and information
• Ensures appropriate security controls are in place to safeguard digital files and vital IT infrastructure
• Responds to computer security incidents and breaches.

Required Skills and Experience:

• 10 years of Information Security experience in specialized roles such as penetration testing, application development, and application security testing.
• 7-10 years of professional experience in software development or IT security related fields.
• 3-5 years of experience as a Cloud Security architect or related position
• Bachelor's degree in Computer Science, Information Systems, Engineering, Cybersecurity, or a related field. (must provide copy of diploma)
• Strong understanding of cloud computing technologies including, Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS).
• Proficient in designing security controls, security tools needs/assessment and technology services.
• Experience working with containerized and micro architecture platform as per the industry best practices.
• Excellent understanding of securing SDLC, architecture design and IT operations, and integrating application security into CI/CD pipeline.
• Experience performing application security code and roles matrix review and practical risk assessments.
• Experience working with threat modeling frameworks (e.g., STRIDE, MITRE ATT&CK, etc.).
• Experience with common vulnerability management process including scanning, analyzing, reporting, remediation planning and tracking.
• Experience working with application security testing tools such as dynamic application security testing, static application security testing, mobile application security testing, source code analysis, vulnerability management.
• Experience with common networking tools (e.g., Wireshark, tcpdump, netcat).
• Experience with security incident or breach investigation and development of strategies to respond to and recover from an incident or breach.
• Familiar with application vulnerability/security frameworks and standards such as OWASP, SANS, CVE, CWS, CVSS, etc.

Desired Skills and Experience:

• Experience in a Health Exchange or its partners.
• CompTia Security+, CISSP or other industry recognized certifications. (Must provide copy/ies of all valid certifications)
• Experience with administering serverless, cloud-based enterprise applications and environments.
• Experience and general understanding of object-oriented coding (Java, Python, .Net, etc.).
• Understanding of core Internet protocols and routing (e.g., DNS, HTTP, HTTPS, TCP/IP, UDP, IPSEC, routing protocols, etc.).
• Operational understanding of cryptography fundamentals (e.g., SSL/TLS, password security, filesystem encryption, etc.).
• Good understanding of security information and event management tools.
• Excellent understanding of emerging cybersecurity threats.
• Experience with the following Software and Services:
• Cloudflare
• Azure Sentinel
• Tenable Nessus
• Rapid7 AppSec, Insight Vulnerability Management
• BurpSuite
• Ostorlab Microsoft Defender
• Recorded Future
• KnowBe4
• Microsoft Purview
• Microsoft Threat Model
• Jira
• Confluence
• SolarWinds
• Orion
• PowerShell
• GitHub
• GitHub Advanced Security
• SolarWinds ServiceDesk
• SQL Server Studio
• Postman