Security Engineer at SilkRoad Technology
The Security Engineer is responsible for planning and implementing security measures to protect computer systems, networks and data in a fast-paced technology organization. This role understands and incorporates methodologies in order to anticipate and prevent security breaches in addition to supporting the audit and compliance activities within the organization.
Your contributions to SilkRoad will include:
- Developing documentation for Information Security tools.
- Coordinating with enterprise-wide Information Security staff to validate security alerts and/or incidents.
- Implementing and Managing Information Security enabled products or other compensating security control technologies to reduce identified risk to an acceptable level.
- Documenting and escalating incidents (including event's history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment.
- Conducting research, analysis, and correlation across a wide variety of all source data sets (indications and warnings).
- Planning and recommending modifications or adjustments to the current environment.
- Providing advice and input for Disaster Recovery, Contingency, and Continuity of Operations Plans.
- Participating in internal security audits and investigations.
- Participating in on-call system administration support including but not limited to weekends, holidays and after-business hours as required to service the needs of the business.
- Using Information Security enabled systems for continual monitoring and analysis of system activity to identify malicious activity.
- Assisting in security patch management process and validation of compliance.
- Performing Information Security trend analysis and reporting.
- Implementing and managing open source Information Security tools.
- Researching emerging technologies and maintaining awareness of current security risks in support of security enhancement and development efforts.
- Familiar with advance security concepts, practices and procedures.
- Hands-on experience installing and administering a variety of commercial and opensource security systems including firewalls, IDS/IPS, SIEM, manage antivirus/antimalware, patch management, NAC, DLP, and Group Policy.
- Strong knowledge of at least six of the following areas: Windows Security, Cloud Security, Application Security, SDLC, Proxy Servers, DLP, Application Whitelisting, Vulnerability Management, or endpoint security controls.
- Knowledge of compliance and regulatory program requirements, such as HIPAA, ISO 27000, NIST, FISMA, and SOC standards.
- Demonstrated project management skills and ability to track and report progress against established milestones, metrics and deliverables.
- Excellent written communication skills, demonstrating the ability to write with purpose, clarity, and accuracy to both technical and non-technical audiences.
- Excellent verbal and written communication skills as well as strong analytical and problem-solving skills and operate with minimal supervision.
- Bachelor's degree in computer science, information systems, or equivalent work experience is required.
- Minimum of 5 years of experience in hands-on IT security and audit experience.
- At least one of the leading industry certifications such as: GIAC Security Essentials, Certified Ethical Hacker, GIAC Certified Incident Handler, CISSP.