Senior Information Security Engineer
Silicon Valley Projects - Hayward, CA
Apply NowJob Description
Position OverviewThe Information Security Engineer implements and executes network security controls across multiple data centers. This role coordinates various network and infrastructure requests among teams, partners, and clients. It evaluates new and existing network/security architecture requirements, participates in system design, and provides technical assistance as needed.Additionally, the role involves analyzing attempts to compromise security protocols, managing vulnerability processes, and being part of a rotating on-call schedule. Other duties include conducting risk assessments, performing vulnerability scans, troubleshooting and responding to alerts, and assisting in the development of policies and standards.Role and ResponsibilitiesPerform network security reviews and troubleshooting.Resolve network and system security issues using computer host analysis, forensics, and reverse engineering.Maintain security requirements.Monitor, review, and troubleshoot alerts.Manage vulnerability tools and scans.Test security measures, including OS patches, system hardening, and application configuration.Represent security needs in projects.Develop whitepapers.Conduct security compliance monitoring.Produce security standards.Participate in project meetings to advise business stakeholders and IT staff on best practices.Provide escalation support for technical security questions and problems.Conduct network security audits.Understand and develop countermeasures against network attacks using vulnerability analysis and exploit techniques.Review security for acquisitions and new office setups.Perform security research.Produce security risk advisories based on newly identified threats and risk assessments.Evaluate, test, select, certify, and integrate security tools.Perform and document internal and external vulnerability assessments.Create lab environments and automate test procedures for security testing.Preferred SkillsPrevious experience in the financial industry is preferred but not required.Qualifications and Education RequirementsBachelor's degree in Information Systems, Computer Science, Information Security, Data Security, Network Security, or a related technical discipline is required; an advanced degree is a plus.Professional certifications like CISSP, CISM, CISA, Security+, or other recognized security credentials are preferred.Minimum of 8 years of recent, consistent hands-on experience with modern technologies.Expertise in systems analysis, including:Gathering requirements from stakeholders.Constructing RFP/RFQs.Devising and planning proof-of-concepts.Defining use and test cases.Driving critical security infrastructure projects.Creating clear status reports for senior management.Strong technical understanding of vulnerabilities and exploit methods.Working knowledge of security technologies like DLP, SIEM, IDS/IPS, web filters, two-factor authentication, web application firewalls, and Active Directory Group Policy.Ability to establish SLA- and KPI-driven metrics to measure performance.Vendor management experience.Familiarity with network technologies (e.g., switches, routers, firewalls, VPNs, remote connection technologies, and multi-domain environments).Familiarity with tools like Qualys, Rapid7, Q1 Labs, McAfee Suites (Host & Network), FireEye, BlueCoat, Juniper, Palo Alto Networks, and MDM solutions is a plus.Knowledge of vulnerability sources like SANS, US-CERT, and commercial vendors (e.g., Symantec, SecureWorks, McAfee, IBM).Awareness of public intelligence sources like ICS-CERT, FBI Infragard, and HSIN.Understanding of paid intelligence sources such as Verizon iDefense, RiskIQ, Critical Intelligence, and Cybertrust.Strong and concise communication skills, with the ability to craft compelling narratives.Excellent verbal, written, and presentation skills, especially when communicating technical and business issues across organizational levels.Solid analytical and problem-solving skills, with the ability to think strategically and turn ideas into actions.Ability to work independently while integrating seamlessly with other teams when needed.Capable of leading, guiding, supporting, and mentoring staff.Able to work with minimal supervision and deliver consistent results.Physically able to lift 50 lbs. and recognize color-coded events.Willing to participate in a 24/7 rotating on-call schedule.
Created: 2025-01-26