Principal Security Engineer

Principal Security Engineer

Vacancy expired!

Please send resume in WORD format should you be interested in the following Principal Security Engineer in New York, NY 10013 (Tribeca area). This is a full-time, permanent position with a salary between 160-195K plus awesome benefits. If you are not interested, please pass along to your colleagues as we do pay referral fees.

Currently, they are working from home until July 2021; however, once their office reopens you will be required to be in the office full-time.

Bachelor’s degree is required.
The position calls for using a diverse set of technical and security skills with the ability to quickly adapt to and learn unfamiliar technologies, and the discipline to follow processes in a regulated financial environment. This position also provides opportunities to interact with very diverse areas within our company, and every technology we work with.

• Collaborate with engineers to develop secure services.
• Audit source code for security vulnerabilities.
• Develop/implement automated systems to help spot known security exposures.
• Consult on discovered security flaws, how to exploit them, and how to remediate flaws.
• Conduct threat mapping with respect to competitors, state-sponsors and hacktivists.
• Conduct intelligence gathering including digital, social and physical aspects.
• Conduct attack simulation exercises on a periodic basis.
• Continuous assessment around effectiveness of defense response.
• Demonstrate use of information and access by adversaries to stakeholders.
• Ensure adherence to appropriate standards, best practices workplace policies and procedures.
• Work effectively as a team member, providing hands on support, maintaining communication and updating senior staff on progress.
• Participate in Incident Response procedures if/when required.

• Strong understanding of the intelligence lifecycle and models including Cyber Kill Chain and MITRE ATT&CK framework.
• Experience in cyber threat landscape, TTPs, threat actors and groups.
• Experience in threat actor and threat group profiling.
• Exposure and understanding of open source intelligence OSINT.
• Exposure and understanding of cyber threats in the financial sector.
• Exposure and understanding of underground criminal communities and dark web.
• Technical knowhow of malware reverse engineering.
• Visibility and presence in the threat intelligence community.
• Experience with SIEM technologies, threat hunting, monitoring and investigations.
• Excellent analytic and writing capabilities.
• Mentor and guide security analysts in cyber threat intelligence skills.
• Ability to work with minimum guidance.
• Liaise with stakeholders and seek requirement clarification.
• Exposure to Unix/Linux environments with knowledge of commands & basic shell scripting will be an added advantage.

• 7-11 years relevant experience, successfully delivering in an Enterprise environment.
• Bachelor/Masters of Engineering in Computer Science / Information Security / Cyber Security
• Network and security and tools, including IDS/IPS, NAC,DLP, VPN, firewall management and audit, endpoint, anti-malware, database audit and monitoring
• Strong experience with secure architecture design.
• Security expertise in one or more of: python, bash, C, C, cryptography, reverse engineering, wireless networks, common web vulnerabilities (SQLi, XSS, CSRF), exploit development.
• Security applications utilized for logging, packet capture, email, directory services, web, authentication, remote access, and encryption.
• Database audit/security background is a strong plus.
• Cloud security deployment and controls.
• IT security technologies, policies, and procedures.
• Have passion to learn evolving technologies.
• Self-starter with a can-do attitude capable of overcoming difficult challenges.
• Communicate clearly and effectively with the distributed team and stakeholders.
• Showcase good critical thinking and analytical skills.
• Ability to stay focused while working under pressure.
• Flexible to work in different time-zones, based on Business requirements.
• Conduct training and mentoring of team members.