Senior Engineer, IT App Security
Summary
PenFed is hiring a Senior Engineer, IT Security in our McLean, Virginia headquarters. The primary purpose of this job is to provide expert level support in analyzing complex applications, codes, network, and management systems, and for planning, designing, evaluating, and selecting cyber security systems and suites. The Senior Engineer will act as both a project leader and as a well-rounded subject matter expert in the IT Security domain.
Essential Functions
Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. This is not intended to be an all-inclusive list of job duties and the position will perform other duties as assigned.
Perform vulnerability assessment and be able to demonstrate the risk to the business and explain the solution/fix to the technical counterparts.
Perform as the project lead providing insights and expert-level expertise in scoping, requirements gathering, security solution design, implementation, operationalization and project closure.
Demonstrate expert level administrative and technical engineering function across all the security domains, including but not limited to application security, network security, penetration testing, security architecture and design, log/event management, certificate management, cryptography, operational security, vulnerability management, risk management, information security governance, access control, business continuity/DR planning, legal regulations, investigations, and compliance.
Identify, test, implement, and maintain security products and processes to cost-effectively and uniformly protect information systems assets from intentional or inadvertent modification, disclosure, or destruction.
Expert level experience in one or more of the following programming languages: Java, .Net, Python, C++, C#, and Ruby.
Expert level experience in cryptography and encryption concepts and technologies.
Automate routine day-to-day security tasks to reduce operational overhead.
Gather requirements from stakeholders for projects and demonstrate capability to understand and accommodate the concerns of other areas of the business when developing solutions.
Propose and implement solutions to observed inefficiencies or other problems in the organization without specific directions from management.
Interface with other IT Security teams including, but not limited to, Certification and Accreditation, Security Engineering, Incident Response, and Event Management, to gather identified information security risks; develop risk profiles for enterprise-wide business applications and identify areas where existing security architecture requires change or development.
Provide expert level guidance to junior staff in the areas of software code review, architecture design and review, hardware and software product evaluation, and project risk review.
Evaluate emerging security technologies including expertise in the testing and integration of new security solutions.
Recommend the application of fixes, patches, and recovery procedures in the event of a security incident. The ability to recreate the attack or identify specific attack vectors is a critical aspect of the job. The candidate is required to demonstrate the details, not just speak to them conceptually.
Perform architectural support for a wide range of security technologies including, but not limited to, NGFW, SIEM, IDS/IPS, HIDS, malware analysis and protection, content filtering, logical access control, identity and access management, data loss prevention, application firewalls, vulnerability scanners, LDAP, forensics, software, and security incident response.
Create reports from various IT Security systems for the purpose of monitoring critical activities and providing security metrics to IT Security management.
Demonstrate capability to tailor reports and other program output to the needs of the stakeholders.
Participate in assessment of compliance with security regulations such as PCI, GLBA, and FFIEC. Coordinate external assessment teams to complete audit and security assessments. Respond to requests for information in support of internal and external audits and examinations.
Demonstrate lapses in PenFed’s security environment compared to industry best practices.
Possess and maintain up-to-date understanding of emerging trends in IT Security.
Peer-review security architecture design artifacts produced by colleagues and provide feedback.
Bachelor’s Degree in Information Technology or related field is required.
Master’s Degree in Information Technology or related field is preferred.
Minimum of fifteen (15) years of experience in Information Technology.
Minimum of eight (8) years of experience in IT Security is required. Preferably experienced as an Information Security Professional designing secure solutions in an environment comprising financial and trading systems, and systems handling strictly confidential, personnel and proprietary information.
Minimum of three (3) years of experience as a software developer or software engineer.
Minimum of one (1) year of experience in eCommerce Security, preferred.
Must possess the ability to solve complex problems and formulate creative solutions to IT Security problems.
Must be able to perform well in high-stress situations.
Shift perspectives to understand the goals and methods of an attacker.
Enjoys multitasking, organizing and prioritizing complex projects to meet deadlines.
Expert knowledge of secure architecture design and engineering practices.
Expert level working experience/knowledge of end-to-end penetration testing.
Intimate understanding of secure code development and application security assessment tools.
Experience with SQL security practices, knowledge of zSecure applications, SharePoint security administration and understanding of TCP/IP and LAN network topography.
Requires ability to work “off hours” to implement solutions in order to limit impact/exposure to customers.
This position will mentor security engineers in the department.