Are you a Cloud Security Engineer who has CISSP certification, Perl, Python, and PowerShell skills? Do you want to work for a company that is at the forefront of cloud security engineering? If so, then we have an opportunity for you!
We are looking for someone with expertise in protecting computers, networks, and software against viruses and malware. You will be tasked with providing analysis as well as support for our security appliances. This role is perfect for anyone who wants to take on this new challenge!
We’re a leading national home loan lender and servicer serving Southern California. Our business focuses predominantly on the production and servicing of US mortgage loans while also managing investments related to the US mortgage market.
Cloud Security Engineer With 5 Years of Experience – CISSP Certified, Perl, Python, Powershell
HOW YOU WILL CONTRIBUTE
You will be responsible for providing analysis and support to our security appliances, networks, and operating systems. Below are things you will do:
Researches, designs, and implements security solutions for organization systems and products that comply with all applicable security policies and standards.
- Designs and creates policies, procedures, standards, and guidelines for the company’s IT infrastructure
- Develops security solutions to protect organization systems and products from unauthorized access by criminal hackers or cyber terrorists; manages risk.
- Collaborates with other departments in developing architectures for system upgrades that will be cost-effective while maintaining data integrity and security
- Collaborates with vendors to ensure that products and solutions are compliant with the organization’s information technology standards
- Provides guidance, support for assessment findings, remediation efforts, and recommendations to drive compliance.
As Cloud Security Engineer we also need you to make recommendations to improve the network, system, and application architectures to maintain security.
- Works on a wide variety of tasks involved in the design, development, and implementation phases of new or existing systems
- Ensures that appropriate controls are identified to mitigate risks in accordance with regulatory requirements by conducting risk assessments and providing recommendations for securing sensitive data.
You will also analyze and assesses vulnerabilities in the infrastructure (software, hardware, networks), investigates available tools and countermeasures to remedy the detected vulnerabilities, and recommends solutions and best practices that will improve the security of our systems.
- Provides technical expertise to help ensure that vulnerabilities are identified and remediated in a timely manner
- Performs vulnerability assessments including penetration testing, integrity testing, backdooring attacks
- Conducts information assurance risk analyses for new or existing systems and networks (e.g., providing management with detailed reports and analysis of the risks associated with proposed projects)
Analyzes and assesses damage to the data/infrastructure as a result of security incidents, examines available recovery tools and processes, and recommends solutions.
- Maintain awareness of new threats, vulnerabilities, and risk management best practices to proactively address emerging risks.
- Responsible for providing analysis, and support for security appliances, networks, and operating systems.
Tests for compliance with policies and procedures. Performs security monitoring, data/logs analysis, and forensic analysis to detect incidents. Responds to incidents as needed.
- Provide analysis of security vulnerabilities and risks associated with proposed projects
- Analyze damage to the data/infrastructure as a result of security incidents, examines available recovery tools and processes, and recommend solutions.
- Maintain awareness of new threats, vulnerabilities, risk management best practices to proactively address emerging risks.
You will also participate in the following activities:
Investigates new technologies, processes, or strategies aimed at increasing security capabilities and implementing improvements.
- Investigates and utilizes new technologies and processes to enhance security capabilities and implement improvements.
- Works with IT and internal and external business partners to ensure that security is factored in the evaluation, selection, installation, and configuration process of hardware and software
- Examines network, server, and application logs to determine trends and identify security incidents
- Reviews and updates information security policies, architectures, and standards
- Responds to audits, penetration tests, and vulnerability assessments
- Responsible for the creation, implementation, and/or management of security solutions.
- Perform other related duties as required and assigned
- Demonstrate behaviors that are aligned with the organization’s desired culture and values
YOU WILL STAND OUT WITH
The ideal candidate will have the following
- BS or MA in Computer Science, Information Security, or related field with at least 5 years of experience in the information security industry desired
- Certified Information Systems Security Professional (CISSP) or SANS GSEC or CompTIA Security + required
- Experienced in working with compliance and regulatory program requirements.
- Technical expertise in network security knowledge, including VPN, Firewall, network monitoring, intrusion detection, web server security, and wireless security
- Strong knowledge of common vulnerabilities and exploitation techniques
- Practical experience with database security, content filtering, vulnerability scanning, and anti-malware
- Expertise at least with one scripting language (e.g.: Perl, Python, PowerShell)
- An understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the business
- Good decision-making skills, and the ability to weigh potential benefits against drawbacks of suggested solutions
This opportunity is located in Cary, North Carolina. Cary is the largest town and seventh most populous municipality in North Carolina.
This opportunity may be remote.
ABOUT THE CISSP CERTIFICATION
What does a Certified Information Systems Security Professional (CISSP) do?
The CISSP is a six-hour exam, consisting of 250 questions. It certifies professionals in ten different areas of information security and protection.
A CISSP is a highly qualified information systems professional who understands the risks, threats, vulnerabilities, and impacts to IT systems; knows how these can be addressed through controls and countermeasures in order to maintain organizational goals or objectives and has proven expertise in at least ten of the twenty domains covered by this certification.
How do I become an information security expert with the CISSP certification?
You must pass the CISSP exam to become certified. The CISSP exam is a computer-based test (CBT) administered at Pearson VUE Testing centers around the world.
What are the ten domains of the CISSP certification?
The ten domains covered by this certification related to information security and protection. These include
- Management, Security Architecture & Engineering
- Communications & Network Security
- Identity & Access Management
- Information Systems Development Lifecycle (ISDLSM)
- Operations Security(OPSEC)
- Legal, Regulations, Investigations, & Compliance
- Physical (Environmental) Security
- Software Development, Acquisition, and Maintenance(SDAM)
- Systems Acquisition & Development
- Systems Security Operations
These domains are broken down into six knowledge areas:
- Governance. The need to establish frameworks for information security in organizations that ensure compliance with policies and procedures, including the use of organizational management practices such as risk assessment, legalities, and business continuity
- Risk Management. The process of identifying, assessing, and controlling the potential impacts from foreseeable events that could threaten organizational assets or damage operational performance
- Security Architecture & Engineering. Strategies for securing information systems by applying security controls to identify vulnerabilities in hardware, software, networks (both wired and wireless), data/information, and their interfaces
- Security Operations. The day-to-day tasks that a security engineer performs on an ongoing basis to keep data, applications, systems, programs, databases, networks (both wired and wireless), users, and the network perimeter secure from attack or misuse
- Software Development Security. Strategies for securing software by applying defensive programming techniques and development security controls that ensure the software is more secure
- Cloud Security. Strategies for protecting cloud computing environments from attacks by hackers or other online threats, such as denial of service (DoS) and brute force attacks
The CISSP certification guarantees the highest level of professional expertise in systems security for candidates who are still pursuing their master’s degree in computer science or for those who have the necessary IT experience.
Think you have what it takes to be an awesome Cloud Security Engineer?
Apply for this position today! Email Us.