Senior Information Security Engineer

Responsibilities:

1. Lead or participate in computer security incident response activities for moderately complex events.
2. Conduct technical investigation of security-related incidents and post-incident digital forensics to identify causes and recommend future mitigation strategies.
3. Provide security consulting on medium projects for internal clients to ensure conformity with corporate information security policy and standards.
4. Design, document, test, maintain, and provide issue resolution recommendations for moderately complex security solutions related to networking, cryptography, cloud, authentication and directory services, email, internet, applications, and endpoint security.
5. Review and correlate security logs.
6. Utilize subject matter knowledge in industry-leading security solutions and best practices to implement information security components such as availability, integrity, confidentiality, risk management, threat identification, modeling, monitoring, incident response, access management, and business continuity.
7. Identify security vulnerabilities and issues, perform risk assessments, and evaluate remediation alternatives.
8. Collaborate and consult with peers, colleagues, and managers to resolve issues and achieve goals.

Required Qualifications:

• 4+ years of Information Security Engineering experience or equivalent demonstrated through work experience, training, military experience, or education.

Qualifications:

• 3+ years of Checkmarx or equivalent SAST tool experience, including custom rule development.
• 3+ years of scripting experience (Python preferred).
• 5+ years of application security experience.
• Experience with Agile and CI/CD technologies such as Jira, Kubernetes, Jenkins, etc.
• Able to troubleshoot complex technology integration issues.
• Strong verbal, written, and interpersonal communication skills.
• Excellent customer service skills.

Additional Information:
The person in this role is a key member of the Secure Software Group who will extend the capabilities of our static application security testing tools.

In this role, you will:

• Maintain and expand the configuration of the enterprise static application security testing system, Checkmarx, to improve effectiveness and coverage.
• Provide expert, 3rd level support.
• Provide best practices documentation.
• Drive vendor accountability to address product defects.
• Support patching, upgrade, and business continuity testing.
• Collaborate with Application Security Champions, development team members, and other Cybersecurity teams as a product Subject Matter Expert (SME).
• Collaborate with offshore partners.