Senior Security Engineer

Location: Pittsburgh, PA

Job Type: Full Time / Permanent

The Senior Security Engineer will provide technical support on the team involved in information security response and security monitoring, and will support audit/compliance and cyber forensic activities for the company. The successful candidate will have extensive knowledge of and experience with Secure Mail Gateways and EDR solutions. The candidate will also need to have an understanding of SIEMs, security operations processes, incident response, event analysis, threat intelligence, and security skills development.

Additionally, this position is required to provide appropriate access to, and protect the confidentiality and integrity of, customer, employee, and business information in compliance with organization policies and standards. This role serves as an internal information security consultant to the organization and requires security systems administration, network administration, application security skills and project management experience.

Responsibilities:

  • Work as part of a team of Information Security professionals supporting the enterprise
  • Engineer security tooling and compensating controls for our corporate and public-facing systems
  • Triage and respond to concurrent security incidents
  • Escalate issues to senior staff/management as required
  • Document incident results and report details to the security organization
  • Respond to requests from internal customers, partners and auditors for information regarding the corporate security event management capabilities
  • Document existing and new processes; mature existing documentation
  • Research, analyze and understand log sources (such as firewalls, cloud platforms, EDR solutions, secure mail gateways, and operating systems)
  • Assist and participate with security incident management processes
  • Support the day-to-day operations of security controls within the following areas: whitelisting, mobile security, web filtering, Windows, VMware, compliance monitoring and application reviews
  • Ensure proper metrics, analysis, and reporting for continuous process improvement

Education & Experience:

  • Bachelor’s Degree or Equivalent Work Experience
  • 4-8 years’ experience
  • Certifi
  • CEH
  • Security+
  • GIAC GSEC
  • CISSP
  • CCSP
  • Experience in the administration of multiple operating systems
  • Must understand the potential types of attack and protection/mitigation for digital online client-facing systems (such as OWASP Top 10, Bot Mitigation, WAF configuration, password policies, etc.)
  • Ability to utilize scripting and developer skill sets for automation
  • Must possess a solid understanding of application security standards, frameworks, attack methods, and mitigation best practices (e.g., OWASP, SANS, NIST)
  • Experience in IT security triaging incidents with security and analysis tools
  • Be capable of partnering with business and IT teammates as a trusted advisor on information security governance, risk, and compliance matters as required
  • Experience in scripting languages such as Python, PowerShell, Bash, etc.
  • Programming language experience a plus, specifically Java, .NET, or JavaScript
  • Candidates must have an understanding of incident response methodologies and technologies
  • Strong understanding of cloud technologies, email gateways, and EDR solutions
  • Strong verbal/written communication and interpersonal skills are required to document and communicate findings, escalate critical incidents, and interact with associates
  • Research and analytical background and an analytical approach, especially with respect to event classification, event correlation, and root cause analysis
  • Candidate must be able to react quickly, decisively, and deliberately in high-stress situations
  • Highly motivated individual with the ability to self-start, prioritize, and multi-task