Enterprise Security Engineer in Jersey City, NJ at ConsultNet

Date Posted: 11/20/2020

Job Description

TITLE: Enterprise Security Engineer

The Enterprise Security Engineer is responsible for the engineering of security solutions for the protection of computer systems, networks and data, from the identification of requirements and evaluation of solutions, through to design and implementation.

Essential Functions:

  • Determine requirements, and research and evaluate security solutions; provide recommendations for licensing.
  • Design, implement and support security solutions.
  • Prepare and document standard operating system procedures
  • Configure and troubleshoot security infrastructure devices
  • Develop technical solutions and new security tools to help mitigate security vulnerabilities and to automate repeatable tasks
  • Write comprehensive reports, including assessment-based findings, outcomes and propositions for further security system enhancement
  • Administer client's security information and event management system (Splunk). Design and implement further system enhancements.
  • Provide consulting and advice to the client's CISO team, Engineering team and IT teams in research and design of secure solutions.
  • Liaise with suppliers during professional services engagements.
  • Enhance and evangelize the usage of threat modelling tools and procedures in the organization.
  • Determine the scope of penetration tests; coordinate with suppliers; review test results and prepare a report for stakeholders.
  • Recommend enhancements to Enterprise Security Architecture tools and procedures
  • Apply the Enterprise Security Architecture to identify controls like MFA, encryption, monitoring, DAST, etc. to be applied across the enterprise, and work with client and IT teams to incorporate these into their roadmaps.

Experience, Knowledge, Skills and Abilities:

  • Strong experience of designing and implementing security systems in conformance with security policy, security standards and best practices
  • Experience of administering, designing and implementing Splunk.
  • Knowledge of web application security, remediation and tools (dynamic application security testing, OWASP Top-10, Burp Suite). Familiarity with static and interactive application security testing tools and procedures.
  • Experience of the design and implementation of:
    • Web application firewalls, web services security and API gateways
    • Database security solutions such as encryption, data tokenization and masking, database firewalls and database access monitoring
    • Authentication mechanisms (multi-factor authentication, SSO and PKI)
    • Mobile application and device security controls
    • Microsoft Active Directory security controls
    • Office 365 security controls (data loss prevention, encryption, DMARC)
    • Amazon Web Services and Microsoft Azure security controls
    • Public key infrastructure and privileged account management
  • Experience or working knowledge of penetration testing methods and tools (Kali Linux, Metasploit, Mimikatz)
  • A proven ability to interface across a global organization with other teams, such as EIS Engineering and Security, Corporate Applications, Enterprise Applications, Internal Audit, agency CIOs, and agency security teams and compliance coordinators, etc.
  • An analytical demeanour and the ability to effectively communicate with individuals across all levels of the organization
  • Excellent written and verbal communications skills
  • Ability to adjust to changing priorities while multitasking effectively
  • Working knowledge of compliance frameworks and security management standards (e.g., ISO 27001, COBIT, NIST CSF, CIS Controls)
  • Working knowledge of best practices/standards (e.g., PCI DSS, HIPAA, State data breach laws) for implementing application-level data encryption

Experience and Education:

  • Bachelor's degree in Computer Science, Information Security and Risk Management, Information Systems, Engineering or related major
  • Security certification: CISSP, GIAC, GSEC or AWS Security.
  • 10 years' progressive experience working in Information Technology with at least half of that directly in Information Security
  • Minimum 3 years' experience in a security engineer role
  • Advertising and marketing communications industry experience preferred

Be a part of the ConsultNet difference. As a leading national provider of IT staffing and solutions, ConsultNet delivers exceptional services to startup, midmarket and Fortune 1000 companies across North America. Since 1996, we've partnered with clients to create rewarding opportunities for our consultants, successfully building teams that have surefire results.
In the past two years alone, we have placed more than 1,500 consultants in contract, contract-to-hire, or direct placement opportunities. We understand communication is key to finding the right job that matches your skills and career goals. For us, it's not just the work that we do; it's how we do the work. Our breadth of offerings extends to multiple IT positions in major markets throughout the country; see more at www.consultnet.com