Senior IT Security Engineer
Senior IT Security Engineer City Chantilly State/Territory Virginia Added to system 3/30/17 11:24 AM Apply Now Senior IT Security Engineer Summary PenFed is hiring a Senior IT Security Engineer in Chantilly, VA. The primary purpose of this job is to provide expert level support in analyzing complex applications, codes, network, and management systems, and for planning, designing, evaluating, and selecting cyber security systems and suites. The Senior Engineer will act as both a project leader and as a well-rounded subject matter expert in the IT Security domain. Essential Functions Perform vulnerability assessment and be able to demonstrate the risk to the business and explain the solution/fix to the technical counterparts Perform as the project lead providing insights and expert-level expertise in scoping, requirements gathering, security solution design, implementation, operationalization and project closure Demonstrate expert level administrative and technical engineering function across all the security domains, including but not limited to application security, network security, penetration testing, security architecture and design, log/event management, certificate management, cryptography, operational security, vulnerability management, risk management, information security governance, access control, business continuity/DR planning, legal regulations, investigations, and compliance Identify, test, implement, and maintain security products and processes to cost-effectively and uniformly protect information systems assets from intentional or inadvertent modification, disclosure, or destruction Expert level experience in one or more of the following programming languages, Java, .Net, Python, C++, C#, and Ruby Expert level experience in cryptography and encryption concepts and technologies. Automate routine day-to-day security tasks to reduce operational overhead Gather requirements from stakeholders for projects and demonstrate capability to understand and accommodate the concerns of other areas of the business when developing solutions Propose and implement solutions to observed inefficiencies or other problems in the organization without specific directions from management Interface with other IT Security teams including, but not limited to, Certification and Accreditation, Security Engineering, Incident Response, and Event Management, to gather identified information security risks; develop risk profiles for enterprise-wide business applications and identify areas where existing security architecture requires change or development Provide expert level guidance to junior staff in the areas of software code review, architecture design and review, hardware and software product evaluation, and project risk review. Evaluate emerging security technologies including expertise in the testing and integration of new security solutions Recommend the application of fixes, patches, and recovery procedures in the event of a security incident. The ability to recreate the attack or identify specific attack vectors is a critical aspect of the job. The candidate is required to demonstrate the details, not just speak to it conceptually Perform hands-on support for a wide range of security technologies including, but not limited to NGFW, SIEM, IDS/IPS, HIDS, malware analysis and protection, content filtering, logical access control, identity and access management, and data loss prevention, content filtering technologies, application firewalls, vulnerability scanners, LDAP, forensics, software, security incident response Create reports from various IT Security systems for the purpose of monitoring critical activities and providing security metrics to IT Security management Demonstrate capability to tailor reports and other program output to the needs of the stakeholders Participate in assessment of compliance with security regulations such as PCI, GLBA, and FFIEC. Coordinate external assessment teams to complete audit and security assessments. Respond to requests for information in support of internal and external audits and examinations Demonstrate lapses in PenFed's security environment compared to industry best practices Possess and maintain up-to-date understanding of emerging trends in IT Security Peer-review security architecture design artifacts produced by colleagues and provide feedback Education and Experience Equivalent combination of education and experience is considered. Bachelor's Degree in Information Technology or related field is required Master's Degree in Information Technology or related field is preferred Minimum of fifteen (15) years of experience in Information Technology Minimum of eight (8) years of experience in IT Security is required. Preferably experienced as an Information Security Professional designing secure solutions in an environment comprising of financial and trading systems, and systems handling strictly confidential, personnel and proprietary information Minimum of three (3) years experience as a software developer or software engineer Minimum of one (1) year experience in eCommerce Security, preferred. Must posess the ability to perform complex problem solving skills and formulate creative solutions to IT Security problems Must be able to perform well under high stress situations Shift perspectives to understand the goals and methods of an attacker Enjoys multitasking, organizing and prioritizing complex projects to meet deadlines Expert knowledge of secure architecture design and engineering practices Expert level working experience/knowledge of end-to-end penetration testing Intimate understanding of secure code development and application security assessment tools Experience with SQL security practices, knowledge of zSecure applications, SharePoint security administration and understanding of TCP/IP and LAN network topography Requires ability to work "off hours" to implement solutions in order to limit impact/exposure to customers Supervisory Responsibility This position will mentor security engineers in the department Licenses and Certifications GIAC Certifications such as GCIA Preferred. Work Environment While performing the duties of this job, the employee is regularly exposed to an indoor office setting with moderate noise. Travel Limited travel to various worksites is required. Physical Demand While performing the duties of this job, the employee is required to meet the following physical demands: Physical Demand None Seldom Occasionally Frequently Reading x Writing x Sitting x Standing x Walking x Bending, Stretching or Reaching x Driving x Talking on the phone, person-to-person & in group x Hearing on the phone, person-to-person & in group x Vision for near, mid-range, far, peripheral, depth and color x Use of computer x Use of telephone x Use of office equipment x Pushing/pulling/lifting/ carrying from 5 to 50 lbs. x About Us Founded in 1935, and still growing, we began as the War Department Federal Credit Union. Today, PenFed is one of the country's strongest and most stable financial institutions with over 1.5 million members and over $21 billion in assets. We serve members in all 50 states and the District of Columbia, as well as on military bases in Guam, Puerto Rico and Okinawa. Our mission isn't simply to help our members get by. We exist to help them realize every ounce of their potential. We exist to educate, and to encourage. We exist to usher their dreams into the land of reality. We provide our employees with a lucrative benefits package including robust medical, dental and vision plan options, plenty of paid time off, 401k with employer match, on-site fitness facilities at our larger locations, and more. PenFed is an Equal Opportunity Employer PenFed will maintain and observe personnel policies which will prohibit discrimination or harassment against a person because of race, color, creed, age, sex, gender, religion, national origin, ancestry, genetic information, military or veteran status or obligation, the presence of a physical and/or mental disability and all other statuses protected by applicable state or local law in all recruiting, hiring, training, compensation, overtime, position classifications, work assignments, facilities, promotions, transfers, employee treatment, and in all other terms and conditions of employment. PenFed will also prohibit retaliation against individuals for raising a complaint of discrimination or harassment or participating in an investigation of same. PenFed will also reasonably accommodate qualified individuals with a disability so that they can apply for a job or perform the essential functions of a job unless doing so causes a direct threat to these individuals or others in the workplace and the threat cannot be eliminated by reasonable accommodation or if the accommodation creates an undue hardship to PenFed. Contact human resources (HR) with any questions or requests for accommodation at 703-838-1568.