Our client is searching for a Senior Security Threat Engineer. This individual guides the implementation and monitoring of enterprise-wide threat and vulnerability management solutions for our client and strives to enforce security best practices, policies, standards and guidance to safeguard proprietary data, physical infrastructure, and resources from internal and external threats. The Senior Security Threat Engineer is required to develop relationships throughout the organization to assist Information Security in accomplishing its goals for the company.
•Organize resources to perform vulnerability assessments of operating systems, applications, databases and network infrastructure components to detect, enumerate and classify major vulnerabilities for performing trend analysis and reporting to Enterprise customers through the use of vulnerability assessment tools and methodologies.
•Evaluate the results from intrusion detection as engineers are monitoring, analyzing and reporting on all network and application communication specific protocols for unwanted manipulation to systems, malicious network traffic, network attacks against vulnerable services, data driven attacks on applications, host based attacks or unauthorized access to sensitive data.
•Schedule and maintain security operations management of operating systems, security applications and network infrastructure components to provide security configurations, controls for user account access, monitoring of services, centralized logging, network connectivity, job scheduling execution and routine maintenance through the use of administrative tools and methodologies.
•Advocate junior engineers in enterprise incident handling as the Security Incident Response Team (SIRT) by detecting, analyzing and performing remediation on attacks that deny the use of authorized applications, networks or systems, malicious entities that infect single or multiple hosts, unauthorized access without permission to application, data, networks, systems or other resources, inappropriate usage that violates acceptable use policies or various incident types that encompass two or more incidents by assisting constituents that consist of enterprise legal staff, litigation or Ethics and Compliance.
•Classify malicious code as it pertains to the SIRT by identifying worms, viruses or attackers that attempt to breach systems by operating through proxies, anonymous dial-up accounts, wireless connections or illegal network access, monitoring preventive measures such as firewalls that provide real-time filtering and blocking from the network stack to the application layer or third party anti-virus applications and performing remediation through security event log analysis to detect anomalies and violations.
•Coordinate resources for auditing of applications, operating systems and networks to provide a measurable technical assessment that includes interviewing staff personnel, performing security vulnerability scans, reviewing access controls or analyzing physical access to ensure availability, confidentiality and integrity to help the organization meet internal and external regulatory compliance.
•Define and schedule the program for social engineering to obtain confidential information by manipulation of legitimate users through the use of telephone conversations, face to face manipulation, or phishing attacks in order to educate users on security policies and procedures.
•Formulate the program and interpret the results of the attack and penetration testing of the enterprise for information gathering, vulnerability detection, analysis and exploitation planning, and results reporting to remediate exploits and ensure confidentiality, integrity and availability of mission critical information assets.
•Mentor junior engineers in security knowledge and experience in technologies and methodologies as it relates to operating systems, firewalls, proxies, access controls, encryption, networking, programming/scripting, auditing, vulnerability assessments, intrusion management and operations management to assist the Threat and Vulnerability Management team with effective research, data gathering, analysis, metrics reporting and communications.
•Provide guidance using specialized knowledge and toolsets to operational teams during enterprise wide crisis scenarios, e.g. large-scale production service outages, outside of the routine change management process.
•Effective team management, time management, organizational, analytical, written, and oral skills.
•Creative problem solving
•Competent using the Microsoft Office suite of products
•Comprehensive understanding of Security Methodologies
•Basic or advanced experience with TCP/IP/UDP/ICMP, networking components (routers, switches, load balancers, wireless access points, etc.), routing protocols (BGP / OSPF), with operational support for operating systems, applications and networks, knowledge of client/server relationships, vulnerability assessments, intrusion management and its components, packet inspection / sniffers, forensics and e-discovery, automation and scripting of applications and systems, anomaly detection (signature / behavioral), event and log correlation
•Basic or comprehensive knowledge of the OSI Reference Model, Windows / Linux / Unix operating systems, firewalls, proxies, mail servers and web servers, relational databases and structured query language, malicious code (worms, viruses, spyware, etc.), encryption algorithms and ciphers (PKI/SSL), Virtual Private Networking, multi-tier environments
• University or College Graduate Preferred
• Requires several years of related work experience
•7x24 on-call support rotation
•Occasional travel may be required
• Our client is a Nashville based national leader in healthcare services. They seek to provide safe, quality, cost-effective care and facilities to their patients while employing the latest technology and services to best serve the community.
• Our client’s location is in a desirable area of town and they offer a superb relocation package to assist with travel and moving costs, should you be applying from out of town. Nashville was named #3 of the top 10 best value cities in the United States. Facts work in your favor: There is no personal income tax on earnings, which saves the average relocating family between 3 and 10 percent of their income. Cost of living is 10% below the U.S. average. Per capita income is 14% higher in Nashville than the U.S. average.
• Not open to 3rd party vendors; no sponsorship. Must be eligible to work in the US for any employer.