Puesto:
IT Security Remediation Engineer
Descripción del trabajo:
Job Summary
We are seeking an IT Security Remediation Engineer to work within our vulnerability remediation team with combined security and information technology experience. This position will respond to security alerts and investigate potential data and security incidents. Security audits and reviews are performed frequently to identify security gaps in our architecture in accordance with PCI, SOC2 and customer defined controls and any artifacts discovered during these audits are remediated by this team. Your focus will be on compiling, researching, and analyzing vulnerability data for the various stakeholders to develop and determine the best path forward.
The IT Security Remediation Engineer will implement security measures to resolve data loss vulnerabilities, mitigate risk, and recommend security changes or system components as needed. The position will require daily collaboration with IT and business units on security and project related issues in one or more IT functional areas (e.g. data, systems, network, and/or applications) across the enterprise.
Essential Functions:
Collaborate with the Global Security team on the identification and validation of vulnerabilities
Conduct research to assess software patches and configuration changes to be applied to varied infrastructures.
Coordinate with the Business Units to plan and ensure corrective actions are implemented to address identified vulnerabilities
Perform comprehensive analysis of vulnerabilities and reports to help develop and implement appropriate remediation strategies
Provide support to the Business Units to address concerns, issues, and escalations related to vulnerability findings and/or remediation plans
Serve as a point of contact for internal and external auditors
Maintain current knowledge of best-practices and the threat-landscape
Assess priorities with vulnerabilities to ensure highest risk vulnerabilities are mitigated according to their exposure
Remain current on cyber security trends and intelligence to enhance the security analysis and the identification capabilities for the incident response team
Provide after-hours on-call support (rotational schedule)
Support security appliances and software as needed.
Requisitos:
Education:
Bachelor's Degree Computer Science or a related field
4+ years of related experience in the Information Technology industry
Required Experience:
Experience with Cybersecurity tools relating to Firewalls, Network Monitoring, IPS, Vulnerability Scanning, Incident Triage and Remediation, Data Loss Prevention, etc.
Familiarity with security risk management frameworks and hardening guidelines (e.g., NIST 800-53, CIS Benchmarks, etc..)
Extensive knowledge of Windows Server, Linux, and VMware technologies
Excellent communication and presentation skills when presenting proof of concepts, findings, conclusions, and other information to a variety of audiences
Hands on experience reviewing and analyzing vulnerabilities, assessing the level of risk and ability to provide reasonable recommendations for remediation
Fundamental understanding of Operating Systems and network protocols
Understanding of security controls on common platforms and devices
Outstanding organizational skills with the ability to prioritize and execute
Ability to manage stakeholder relationships
Ability to work independently to achieve commitments
Excellent interpersonal and communication (verbal and written) skills to all levels of the organization
Process and technical documentation skills
Strong analytical and problem-solving skills
Preferred Experience:
Industry certifications such as CISSP, CAP, Security+CE, CCNS Security, CySA+, CISM or MSIS or other Security related certifications are helpful
Understanding of Cloud computing security frameworks such as COBIT, SABSA, ISO/IEC 27001 and NIST Cyber Security
Experience with PowerShell or other scripting languages
Experience with VMware or comparable virtualization platforms
Salario:
USD 2,500
Contacto:
javier@xrecruit.io
Empresa:
XRecruit
Fecha de publicación: