This job listing has expired and the position may no longer be open for hire.

Sr. Security Engineer - Remote or On Site at Inmar in Winston Salem, North Carolina

Posted in Science 30+ days ago.

Type: Full-Time





Job Description:

Position Summary:

This position can be located on site at the headquarters in Winston Salem, NC or remote within the continental US.

The Sr. Security Engineer has a strong development experience in numerous programming languages.  This role is the SME for concepts behind security controls and how they apply to application development, web presence and API services. This individual is accountable for identifying weaknesses in our security posture within the application or web space while defining methods to achieve security control requirements via automation or highly efficient means that further support timely delivery and minimal overhead. They work in a team of infrastructure specialists and engineers making sure services are delivered and used securely as required. Works with and supports third parties to provide security services. The Sr. Security engineer will advise and enable development and technical teams to make security decisions and provide advice and guidance, ensuring the effective use of common tools and patterns.  Additional insights, experience or background in any of the following are also of great value NIST, ISO27001, Data Protection, Java Development, Static Code Analysis, Dynamic Code Analysis, PEN Testing, Containers, MicroServices, CICD Pipeline, Agile, GitHub, Jira, Docker, Kubernetes, cloud security (AWS, Azure, GCP) and design, process maturity, and other related focuses

  

Primary Accountabilities:

 

Technical (100%)


  • You will become the primary security expert for multiple product lines, and act as the point of contact for engineering and security.


  • Perform architecture reviews to steer projects in the right direction, participate in security code reviews, and automate penetration testing against products prior to move to production.


  • Support engineering with implementing security fixes, ensuring security scanners are utilized correctly, and develop strategies to proactively secure their architecture.


  • Review development frameworks for security functionality, consistency, and uplift opportunities.


  • Create threat models and leverage them to prioritize time based on risk impact.


  • Educate and train product teams.


  • Evaluate client needs, coordinate design for a solution, and clearly communicate the value proposition of complex and highly technical subjects


  • Implement and/or assess existing security controls


  • Translates logical designs into physical designs. Produces detailed designs and documents all work using required standards, methods and tools, including prototyping tools where appropriate. Designs systems characterized by managed levels of risk, manageable business and technical complexity and meaningful impact. Works with well-understood technology and identifies appropriate patterns.


 

Required Qualifications:


  • Bachelor’s degree in Computer Science, Information Technology or related field or equivalent work experience required.  Masters degree preferred


  • 7+ years of related work experience in security engineering


  • Certifications preferred.  OSCP, CISSP, GCIH, GXPN, GPEN


  • Strong experience in web and mobile application security 


  • Strong experience in distributed platform development security and design


  • In-depth knowledge of web and mobile security standards and best practices (OWASP, etc.)


  • Strong foundation in core information security principles and concepts (HTTPS, TLS, OAuth, etc.)


  • Experience with industry tools and technologies such as Burp, Metasploit, etc.


  • Working knowledge of common languages such as Python, GO, Javascript, Java, etc.


  • Familiarity in public cloud security deployment and implementation issues (AWS, Azure, GCP)


  • Familiarity with audits and standards requirements such ISO 27001, PCI DSS, SOC 1 & 2, etc.


  • Proven expertise in enterprise-grade and web scale security solutions


  • Excellent communication skills


  • Ability to explain complex security topics in simple terms


  • Ability to lead and project manage multiple security initiatives



  • Identity and Access Management



    • Solid working knowledge of physical and logical access


    • Solid working knowledge of LDAP


    • Solid working knowledge of Multi-factor authentication


    • Solid working knowledge of Session management


    • Credential management





  • Security Operations



    • Participates in Investigations


    • Participates in operational, criminal, civil, and regulatory investigations


    •  Works with logging and monitoring


    • Performs security operations granting permissions based on Need-to-know and least privilege


    • Participates in Incident management


    • Manages and configures IDS and IPS





  • Software Development Security



    • Aware of software development lifecycles


    • Aware of what software development methodologies are used in the enterprise and can explain what it means


    •  Familiar with DevOps concepts



    • Aware of Security vulnerabilities and understands how the following work



      •  Bounds checking


      •  Input/output validation


      • Buffer overflow


      •  Privilege escalation




    • Aware of secure coding practices


    • Uses code repositories




Individual Competencies:


  • Teamwork: Builds relationships and works cooperatively with others, inside and outside the organization, to accomplish objectives to build and maintain mutually-beneficial partnerships, leverage information and achieve results.


  • Adaptable: Responds to change with a willingness to learn new ways to accomplish work objectives with a positive attitude.


  • Innovative: Ability to develop, sponsor, or support the introduction of new and improved methods, products, procedures or technologies.


  • Curious: A desire to inquire and learn, to seek new knowledge and wisdom, and to listen to the contributions of others with a genuine interest to better self, the team, and the organization.


  • Problem Solving: Gathers and analyzes information to generate and evaluate potential solutions to problems, issues and challenges while weighing the accuracy and relevance of the facts, data and information.


  • Communication: Giving and receiving messages and information in written, oral, and visual formats in a clear and concise way for a complete understanding of meaning and intent.


  • Collaboration: Works collaboratively with others to achieve group goals and objectives.


  • Effective Execution: Translates broad conceptual understanding of the company's strategy into a tactical plan of how it will happen including who will take on which tasks in what sequence, how long those tasks will take, how much the tasks cost, and how each task affects subsequent activities.


 

The physical demands described here are representative of those that must be met by an associate to successfully perform the major job responsibilities (essential functions) of this job.  Reasonable accommodations may be made to enable individuals with disabilities to perform the major job responsibilities. This job description is not intended to be an exhaustive list of all duties, responsibilities, or qualifications associated with the job.

While performing the duties of this job, the associate is: 


  • Regularly required to use hands to finger, handle or feel objects, tools or controls, and reach with hands or arms.


  • Regularly required to talk or hear and read instructions on a computer monitor and/or printed on paper.


  • Occasionally required to stand, kneel or stoop, and lift and/or move up to 25 pounds.


  • Regularly required to view items at an extremely close range and must be able to adjust and readjust focus.


Occasionally: Job requires this activity up to 33% of the time

Frequently: Job requires this activity between 33% - 66% of the time

Regularly: Job requires this activity more than 66% of the time

 

Safety:

  • Support a safe work environment by following safety rules and regulations and reporting all safety hazards.

As an Inmar Associate, you:


  • Put clients first and consistently display a positive attitude and behaviors that demonstrate an awareness and willingness to listen and respond to clients in order to meet their short-term and long-term needs, requirements and exceed their expectations.


  • Treat clients and teammates with courtesy, consideration and tact; you also have the ability to perceive the needs of internal and external clients and communicate effectively with the objective of delighting and retaining the client.


  • Build collaborative relationships and work cooperatively with others, inside and outside the organization, to accomplish objectives, develop and maintain mutually-beneficial partnerships, leverage information and achieve results.


  • Set and attain achievable, yet aggressive, goals with a sense of urgency and accountability.


  • Understand that results are important and focus on turning mission into action to achieve results following the principles of Flawless Execution while consistently complying with quality, service and productivity standards to meet deadlines and exceed expectations by giving our clients the best possible outcome.


#LI-RR1





More jobs in Winston Salem, North Carolina

Management
about 11 hours ago

Unifi Manufacturing Inc.
General Business
about 23 hours ago

Pepsi Bottling Ventures
General Business
about 23 hours ago

Pepsi Bottling Ventures
More jobs in Science

Science
4 minutes ago

FINRA
Science
about 1 hour ago

T. Rowe Price
Science
30+ days ago

Tricentis Americas, Inc.