Blog

We have a position for a mid-level Security Engr/Administrator type working for a strong company with great benefits and in an amazing location in Downtown Austin.  Pls contact me for more info:

Scott Stevens

sstevens@egov.com

                                                                                                                                                                                                                                                          

Our Security Operations Team is currently searching for a Security Engineer.

Description

The Security Engineer is responsible for the security operations and administration of Texas.gov technical controls and technologies, including but not limited to vulnerability management platforms, IPS/IDS/WAF and other measures. The Security Engineer shall also carry a specialist role in performing security assessments on Texas.gov applications and services utilizing multiple tool sets and methodologies, while interfacing with internal and external teams to understand and present associated risks and mitigation strategies.  Security assessment will include an emphasis on application security activities.

Day-to-Day Activities:

    Perform vulnerability scanning of infrastructure, servers and desktops.
    Assist development and operations teams with strategies to remediate and prevent vulnerabilities
    Assist with other day-to-day operation security tasks such as intrusion prevention and file integrity monitoring
    Perform vulnerability scanning of applications in development
    Assist with other day-to-day operation security tasks such as intrusion prevention and file integrity monitoring
    Assist in the management and improvement of security controls
    Assist development and operations teams with strategies to remediate and prevent vulnerabilities
    Provide support in incident response activities
    Develop and write reports in support of security audits, processes and procedures.
    Support internal customers and employees with security related matters
    Ongoing research of information security trends and developments.
    Participate in daily planning/coordination meetings and coordinates deployments with other departmental teams to ensure smooth and successful project launches.
    Provide overall project coordination, communication and management for daily project activities.
    Assist in tracking and planning of project milestones, deliverables and KPIs.
    Accept and complete other duties as assigned by management and leadership.

Required Skills:

    At least 5 years’ experience in the information security field with at least 3 having a security assessment and vulnerability management and application security focus.
    A firm understanding of the OWASP Top 10 and the various mitigation strategies for these vulnerabilities within a corporate enterprise environment.
    Good familiarity with security compliance standards such as PCI-DSS, ISO 27002 or NIST 800-53.
    Basic Forensic and Investigation Skills
    Good working knowledge of Unix/Linux, Windows and Virtualized operating systems
    Solid knowledge of the following:
        Firewalls
        Intrusion detection
        Incident response
        Policy writing
        Vulnerability testing
        Operation systems hardening
        Antivirus
        Security awareness training
    Understanding security issues associated with application development
    Knowledge of vulnerability management at both the infrastructure and software level
    Solid understanding of Networking and OSI model
    Solid communication and interpersonal skills.  Possessing a strong ability to interpret and explain risk is a plus.
    Able to communicate with other technical teams and translate technical issues into business related risks.
    Able to work independently with little over site
    Able to work with teams to find solutions to technical problems
    Some experience or exposure to various commercial appsec testing tools such as BurpSuite and NTOSpider, as well as various open source scanning ISOs (e.g. SamuraiWTF, BackTrack, etc). Experience with other industry recognized open source security testing tools

Desired Skills:

    Experience with Agile-focused IT shops
    Experience with Log Management/SIEMs.
    Penetration testing skills
    Experience working with government entities, especially state and local governments.
    Certified Information Security Systems Professional (CISSP)
    Familiar with intrusion prevention, file integrity monitoring, user management, and other security domains
    Basic understanding of databases and security/disaster recovery issues with them

Logistics:

    Minimal travel

Benefits:

    Chance to work with innovative and forward thinking Security Team
    Opportunity to work with emerging technology
    Highly visible and executive supported security program
    Excellent work life balance and culture
    Competitive compensation program
    No-cost group medical/dental insurance
    Stock purchase plan
    Matching 401(k) contributions with 100% vesting
    Disability insurance
    Life insurance
    Company wellness program

Email me when people comment –

You need to be a member of OWASP to add comments!

Join OWASP