The Junior Security Engineer implements, runs and maintains various security tooling in our security team. The Junior Security Engineer is a subject matter expert in one or more security tools. The Junior Security Engineer interacts within the security team, as well as with other teams to enable integration and implementation of the tool, as needed. The Junior Security Engineer documents architectures and processes related to the tooling, and keeps them current. 

Job Expectations: 

• The main focus for the position is implementing and running Security Tools
• At least on a conceptual level, a strong knowledge of systems in a cloud environment, on-prem systems, and networking is required.
• Can assist in the review, monitoring and/or auditing of applicable daily Security Log Activity and Events. Take action as necessary; escalate to senior staff if required. Logs could include, but are not limited to the following:
  • Vulnerability Scans – Kubernetes/Containers
  • Vulnerability Scans – Database
  • Vulnerability Scans – PCI ASV
  • Active Directory Changes
  • User Activity
  • Netflow Analytics
  • Firewall and ACL Changes
  • SIEM
  • DAST Scan Results (e.g. Acunetix, Burp Suite, etc.)
  • Group Policy Changes
  • Cloud Security Tooling
• Where needed, update or create documentation for security tools. For example, SOPs, architecture documentation, etc.
• Co-authoring information security policies and defining procedures to implement industry best practices.
• Working on problems involving enterprise security risks with minimal supervision.
• Perform as a Subject Matter Expert in the realm of Information Security with cross-functional teams in the organization.
• Participating in projects to identify security issues proactively through analysis of network traffic, software and hardware testing, log review and consultation with users.
• Coordinate with vendors and external security teams to address security issues for external IT services and systems.
• Working with various corporate security systems.
• Work with IT End User Support staff in analyzing security-related events to assist with escalation decisions.
• Evaluate the impact to the organization of current security advisories, publications, and trends.
• Apply automation to simplify routine tasks.
• Support our compliance programs (such as PCI-DSS) by helping implementing and documenting controls, examining evidence for compliance to standards. 
• Conduct Risk Assessments in accordance with Policies and Standards; Document, and work with business units to remediate findings.
• Working on problems involving enterprise security risks with minimal supervision.
• Other duties as assigned or requested.
• This position may require on-call activities at off-hours.

The duties and responsibilities described above may provide only a partial description of this position. This is not an exhaustive list of all aspects of the job. Other duties and responsibilities not outlined in this document may be added as necessary or desirable, with or without notice.

Knowledge, Skills and Abilities:

Required: 

• 3-5 years experience in information systems as a system administrator or engineer, cloud administrator, network administrator, with at least two of those with direct information security duties; or security engineer role.
• Experience with cloud, systems, and network security.
• Experience with containers (Docker, Kubernetes, …) strongly desired.
• Experience with various tooling in the Information Security space.
• Experience working with Splunk or other SIEM tools.
• Experience in researching, analyzing and recommending information security solutions.
• Strong organizational, excellent written, verbal and interpersonal communication skills are needed to work effectively with a wide variety of staff, outside consultants and vendors.

The successful candidate shall have demonstrable experience in at least 1 of the following areas. Examples of expertise are for clarification and not to be considered exhaustive:

• Security Engineering / Operations
  • Identity Management
    • Authentication and Authorization
    • User Behaviour Analytics
    • Single Sign On
  • Systems Security
    • OS Security Hardening (Windows, Linux, MacOS, iOS, Android)
    • Knowledge (or the capacity to quickly gain knowledge) of encryption theory and practice (e.g. TLS, HMAC, RSA, AES, PKI)
    • EDR Tooling (Endpoint Detection & Response)
  • Security Monitoring
    • Log Management (SIEM)
    • IDS/IPS
    • Packet Capture Dissection
    • Automation
  • Security Architecture
    • Designing Secure Architectures
    • Cloud and Multi-Cloud Environments
    • Risk-Based / Security Controls
    • Defense-In-Depth
    • Zero-Trust
• Incident Management / Response
  • Incident Response
    • Definition of use cases, creation of alerts
    • Automation of recurring event handling (e.g. Scripting, SOAR tooling)
    • Conduct or collaborate on forensic examinations of digital records, logs, and other data.
  • Incident Management
    • Definition of playbooks / Procedures
    • Post-Mortem Analysis and improvement Plans
    • Blue Team / Red Team experience
• Application Security
  • Web Application Security
    • Attack Techniques
    • Secure Coding Practices
    • Common Vulnerabilities and Mitigation
    • Manual Code Reviews
    • Perform security reviews and provide insights throughout all phases of software development.
  • Threat Modeling and Security Controls
    • DREAD
    • STRIDE
    • NIST CSF
  • Data Security/Privacy Practices
    • Anonymization methods
    • Tokenization methods
    • Masking methods

Knowledge Requirements:

• Possess a basic understanding of PCI Compliance and Privacy Requirements (e.g. EU GDPR, California Privacy Act, …).
• Strong knowledge of multiple security tools for both Cloud and On-Prem scenarios.
• Good knowledge of at least one cloud provider, such as AWS (Amazon Web Services), GCP (Google Cloud Platform), Azure, or other cloud platforms and related technologies is strongly desired. 
• Provided support for strategic business process/reengineering projects by consulting as appropriate, and work on multiple technically complex high profile projects. 
• Demonstrate an understanding of key IT operational policies, processes and methodologies applicable to governance, risk management and compliance. 
• Demonstrable experience with integration in Splunk or other SIEMs for various security tools is a plus.
• General understanding of security fundamentals (cryptography, least privilege, segregation of duties,…) and general security technologies, including operating systems, network security (firewalls, VPNs, etc.), security event management, business continuity, identity management, directory services, etc. 
• Knowledge of Active Directory, DDNS, Group Policy (GPO), Microsoft Windows Server and Desktop operating systems, Linux, …
• A working knowledge of information security practices and concepts including intrusion detection/ prevention, access controls, risk analysis, vulnerability scanning, and data encryption.
• Scripting/programming skills such as shell scripting, Python, Perl, … are a big plus.
• Strong work ethic, including consistent documentation
• Ability to work in a fast paced, rapidly changing environment and a strong desire to learn

Education Requirements: 

• Bachelor’s Degree in Information Technology, Information Security, Computer Science, or a related field required. A very strong experience may be considered as an alternative.
• Advanced industry certification strongly desired, e.g. SANS GIAC, CompTIA Security+, CISSP, CISM, Certified Cloud Security Professional (CCSP),...

#LI-DL1