Principal Security Engineer

Principal Security Engineer

Vacancy expired!

job summary:

The position calls for using a diverse set of technical and security skills with the ability to quickly adapt to and learn unfamiliar technologies, and the discipline to follow processes in a regulated financial environment. This position also provides opportunities to interact with very diverse areas within our company, and every technology we work with.



location: NEW YORK, New York

job type: Permanent

salary: $170,000 - 190,000 per year

work hours: 9am to 5pm

education: Bachelors



responsibilities:

Key responsibilities:

• Collaborate with engineers to develop secure services.
• Audit source code for security vulnerabilities.
• Develop/implement automated systems to help spot known security exposures.
• Consult on discovered security flaws, how to exploit them, and how to remediate flaws.
• Conduct threat mapping with respect to competitors, state-sponsors and hacktivists.
• Conduct intelligence gathering including digital, social and physical aspects.
• Conduct attack simulation exercises on a periodic basis.
• Continuous assessment around effectiveness of defense response.
• Demonstrate use of information and access by adversaries to stakeholders.
• Ensure adherence to appropriate standards, best practices workplace policies and procedures.
• Work effectively as a team member, providing hands on support, maintaining communication and updating senior staff on progress.
• Participate in Incident Response procedures if/when required.

Skills and attributes for success

• Heavy understanding of the intelligence lifecycle and models including Cyber Kill Chain and MITRE ATT&CK framework.
• Experience in cyber threat landscape, TTPs, threat actors and groups.
• Experience in threat actor and threat group profiling.
• Exposure and understanding of open source intelligence OSINT.
• Exposure and understanding of cyber threats in the financial sector.
• Exposure and understanding of underground criminal communities and dark web.
• Technical knowhow of malware reverse engineering.
• Visibility and presence in the threat intelligence community.
• Experience with SIEM technologies, threat hunting, monitoring and investigations.
• Excellent analytic and writing capabilities.
• Mentor and guide security analysts in cyber threat intelligence skills.
• Ability to work with minimum guidance.
• Liaise with stakeholders and seek requirement clarification.
• Exposure to Unix/Linux environments with knowledge of commands & basic shell scripting will be an added advantage.

Experience and Other requirements:

• 7-11 years relevant experience, successfully delivering in an Enterprise environment.
• Bachelor/Masters of Engineering in Computer Science / Information Security / Cyber Security
• Network and security and tools, including IDS/IPS, NAC,DLP, VPN, firewall management and audit, endpoint, anti-malware, database audit and monitoring
• Alot of experience with secure architecture design.
• Security expertise in one or more of: python, bash, C, C, cryptography, reverse engineering, wireless networks, common web vulnerabilities (SQLi, XSS, CSRF), exploit development.
• Security applications utilized for logging, packet capture, email, directory services, web, authentication, remote access, and encryption.
• Database audit/security background is a big plus.
• Cloud security deployment and controls.
• IT security technologies, policies, and procedures.
• Have passion to learn evolving technologies.
• Self starter with a can-do attitude capable of overcoming difficult challenges.
• Communicate clearly and effectively with the distributed team and stakeholders.
• Showcase good critical thinking and analytical skills.
• Ability to stay focused while working under pressure.
• Flexible to work in different time-zones, based on Business requirements.
• Conduct training and mentoring of team members.

qualifications:

• Experience level: Experienced
• Minimum 7 years of experience
• Education: Bachelors

skills:

• SECURITY ENGINEER
• MITRE
• OSINT
• UNIX
• Linux
• IDS
• IPS
• VPN
• Firewall Engineering
• C
• Python
• Bash

Equal Opportunity Employer: Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status.