The Security Engineer will be responsible for monitoring existing web application security deployments and making official recommendations for mitigations. They are responsible for documenting all complex configurations deployed within our environment, and will work closely with engineers to ensure the customer experience we provide is not interrupted. They will ensure the secure operation of the in-house computer systems, servers, and network connections. This includes checking server and firewall logs, scrutinizing network traffic, establishing and updating malware scans, and troubleshooting. This person will also analyze and resolve security breaches and vulnerability issues in a timely and accurate fashion, and conduct user activity audits where required.
- Keep apprised of emerging threats and evolving customer needs
- Evaluate new systems and products for security monitoring and response
- Assess need for any security reconfigurations (minor or significant) and coordinate with stakeholders to execute them as required.
- Conduct research on emerging products, services, protocols, and standards in support of security enhancement and development efforts.
- Build and maintain tools to pro-actively monitor and respond to emerging threats
- Deploy, manage and maintain all security systems and their corresponding or associated software, including firewalls, intrusion detection systems, cryptography systems, and anti-virus software.
- Manage connection security for local area networks, the company Web site, the company intranet, and e-mail communications.
- Design, perform, and/or oversee penetration testing of all systems in order to identify system vulnerabilities.
- Recommend, schedule (where appropriate), and apply fixes, security patches, disaster recovery procedures, and any other measures required in the event of a security breach.
- Develop, implement, maintain, and oversee enforcement of policies, procedures and associated plans for system security administration and user system access based on industry-standard best practices.
- Administer and maintain end user accounts, permissions, and access rights.
- Manage and ensure the security of databases and data transferred both internally and externally.
- Monitor server logs, firewall logs, intrusion detection logs, and network traffic for unusual or suspicious activity. Interpret activity and make recommendations for resolution.
- Participate in regular meetings with non-technical groups to ensure that all customer concerns are being addressed.
- 3+ years experience in consumer facing web application security.
- 5+ years experience with Linux server administration.
- Scripting experience with Perl, Bash, & Python.
- Understanding of modern cryptographic standards and applications.
- Strong technical background, with a focus on Linux administration, Web Application and Network Security.
- That rare mix of intelligence, integrity, domain knowledge, verbal agility, and diplomacy which allows you to rapidly earn the trust of technically astute teams across the company.
- Demonstrable experience in providing direction, support and mentoring.
- Outstanding interpersonal skills; a sense of humility, impeccable integrity, strong work ethic.
- Experience with “Software as a Service” and contributions to FOSS projects are a plus.
- Experience with software technology start-up.