Security Engineer

Trofi Security
Arlington, VA
Jul 18, 2019
Jul 20, 2019
Full Time
Job Opening - Senior Security EngineerAre you passionate about information security and ready to take your leadership potential to the next level? Join Trofi Security's consulting team of experienced cyber security thought leaders and technical advisors, helping organizations take a proactive and vigilant approach to protect their systems and data. Trofi Security has an entrepreneurial culture built on innovation and service excellence. Our business is to be steps ahead of our clients' needs.Trofi Security has an immediate opening for an expert Security Engineer to join its consulting team full-time with a valued client for 6 months with potential contract extension/full-time employment in Washington DC. Local candidates to DC area only need apply. B2B (1099) arrangement preferred. DescriptionReporting to the Chief Information Security Officer, the Senior Information Security Engineer is responsible for risk assessment based on application, data, and technology architectures; solution design and identifying network vulnerabilities; assistance with creating and maintaining firewalls; and configuring systems to enhance existing security features in compliance with company policies and applicable laws; coordinating investigation and reporting of security incidents. The Senior Information Security Engineer will also monitor, assess, respond to, and document security threats; resolve technical faults and allocate resources to deliver cost effective solutions; and contribute to information security projects to protect company information assets. This position combines project-based work and operational assignments. This will require the practical use and understanding of security protocols and standards, and solid knowledge of information security principles and practices.Responsibilities . Identify security issues and risks and develop mitigation plans.. Participate in incident handling, tier 2 and tier 3 security operations support.. Coordinate and participate in cross-functional team meetings to remediate previously identified security risks and close out pending action plans.. Acquisition and vendor risk assessment due diligence.. Evaluate and recommend new and emerging security products and technologies.. Manage information security policy lifecycle including policy creation, maintenance, and decommission, policy exception/waiver management process and policy change requests. Assist with interpreting security policies and procedures.. Assess information security risks of new projects and non-standard IT requests using risk assessment methodologies based on provided architecture.. Assist with enterprise-wide risk assessment processes.. Architect, develop, deploy and support information security systems and solutions such as strong authentication, key management, IPS, SIEM, antimalware, vulnerability scanners, MDM and others.. Proactively assesses potential items of risk and opportunities of vulnerability on the network.. Interact with internal and external customers on security-related projects and operational tasks.. Participate in 24x7 Information Security Response team. Position RequirementsFormal Education & Certification. BS or MS degree in Computer Science or equivalent field of study.. Information security certification such as CISSP, CISA or CISM, QSA a plus Knowledge & Experience. At least 8 years of experience in the Information Security domain[s] and 10+ years overall technology experience.. At least 3 years of experience in infrastructure or application-level vulnerability testing and auditing. At least 3 years of system, network and/or application security experience. Strong experience and detailed technical knowledge in security engineering, system and network security, authentication and security protocols, cryptography and application security. Knowledge of network and web related protocols (eg TCP/IP, UDP, IPSEC, HTTPS, routing protocols). Experience in IT regulation and compliance standards, such as SSAE-18/AT-101, ISO 27001/27002, PCI, FISMA.. Practical use and implementation of solid knowledge of information security principles and practices; Understanding of IT methodologies, such as software development lifecycle and operations.. Exposures in IT security baseline and procedures development. Strong analytical and problem-solving skills and the ability to "think-out-of-the-box".. Able to work independently or with a team.. Beneficial but not required: Knowledge of Security Practices for Cloud Computing Environments: (SaaS, PaaS, IaaS). Specific Technology and Compliance Knowledge. UNIX, Windows, Linux, coding languages, Network LAN and WAN, Firewalls, Access controls, Authentication, Authorization, Encryption, IPS, Digital Certificates, SSL, VPN, IPSec, TCP/IP, DNS and web security architecture, Proxy services.. ISO 27001/27002, PCI DSS, HIPAA (and other industry specific), related NIST standards.. Exposure to ForeScout, LogRhythm, McAfee EPO, SentinelOne, Rapid7 Nexpose, Cisco, Check Point and Palo-Alto security products a plus. How to ApplyInterested candidates meeting qualifications should email cover letter and resume to for consideration. Local candidates to DC area only need apply. B2B (1099) arrangement preferred.