Security Engineer (only W2, No C2C, No C2H)

Title: Security Engineer (only W2, No C2C, No C2H)

Duration: 12+ Months

Location: Remote

Schedule: M-F, 9am-5pm

Job Description

The candidate must be a and is responsible for the preservation of confidentiality, integrity, and availability of customer data. The Security Engineer reports to the customer's Director of Information Security and delegates and is responsible for all tasks assigned. The position is interdisciplinary, with a wide range of desired technical and non-technical expectations including, but not limited to:

• Operation and administration of enterprise-level web application firewalls, application delivery controllers, vulnerability scanners, web content filtering systems, intrusion prevention systems, security information and event management systems.
• Implementation and oversight of social media security processes.
• Organization and analysis of patch management processes and procedures.
• Participation and analysis of cyber threat intelligence efforts.
• Monitoring systems and response to alerts, events, and/or incidents.
• Preparation of briefings/reports as needed to keep senior management informed of security projects.
• Adaptability, flexibility, and the ability to do quality work under tight deadlines.
• Prepare security standards, policies, and procedures.
• Conduct system security and vulnerability analyses and risk assessments.

The ideal candidate will have a strong knowledge of and experience with the following products and concepts:

• Design, implement, maintain, and operate security technologies including reverse proxies, forward proxies/web filtering, web application firewalls, IPS/IDS, SIEM, password management, DLP, vulnerability scanners, and other applications and appliances.
• Administration and hardening of Windows 8.1 and 10 desktop and mobile clients and Windows Server 2012 and later servers.
• Identity and access management and administration of Active Directory Domain Services.
• Encryption and data protection using Public Key Infrastructure and x.509 certificates and administration of Active Directory Certificate Services.
• Virtualized systems administration using Hyper-V, VMWare, and Azure IaaS.
• Routing, DMZ, VPN, IPSec, DNS, firewalls, intrusion detection systems, DoS attacks, 802.11, GSM, EV-DO, radio frequencies and technologies, Wireless Security, and RADIUS.
• Application Security includes SDL, cross-site scripting, cross site request forgery, SQL and command injection attacks, threat modeling, fuzzing, malware, and Trojans.
• Enterprise hardening techniques including Pass the Hash/Golden Ticket Mitigation, LAPS, Lateral Traversal Mitigation, and Tier-0 Account Protection.
• Solid experience with public key infrastructure (PKI)
• Experience with certificate lifecycle management
• Solid experience with Microsoft Certificate Services
• Experience with commercial Certificate Authority providers
• Strong proficiency in cryptography
• Good understanding of secure coding techniques and IT security principals in general
• Experience in building and setting up Sona type Nexus-IQ server and Nexus NXRM.
• Experience in scanning the packages using Nexus-IQ server for security and vulnerability check
• Provide technical recommendations on how to improve their Software Supply Chain and DevSecOps practices using Sona type solutions.
• Add Nexus Firewall to stop OSS risk from entering your SDLC using next-generation behavioral analysis and automated policy enforcement.
• Must have experience with CI/CD
• Familiarity with tooling used in the SDLC, including VCSs (e.g., git, Svn, etc.), modern build tools (e.g., Jenkins), package managers (e.g., Maven, Gradle, Nuget, NPM, etc.), artifact repositories (e.g., Nexus), continuous delivery technologies (e.g., Puppet, Chef, UDeploy, XL Deploy, etc.), container technologies (e.g., Docker, Kubernetes, OpenShift, etc.)