Job Title: Senior Security Engineer

Location: Any India based remote or Ensono office location

Job Function Overview:

The Senior Security Engineer is an individual with a strong background in information security technologies and processes. The Senior Security Engineer, under the direction of the Security Engineering Senior Manager, will be part of an expanding team responsible for engineering security solutions for a global managed service provider. The Senior Security Engineer will participate in evaluating, developing, implementing, and maintaining security tools, standards, procedures and guidelines for multiple platforms and diverse system environments. The Senior Security Engineer will need to be able to ensure that the solution aligns with architectural and business models to achieve optimal solutions for Ensono and its clients.
 

This individual will have the opportunity to enhance their technical abilities while working across a variety of security technologies to include but not limited to vulnerability management, data loss prevention, intrusion detection/prevention, log management and security incident & event management, and firewalls. This position serves as a senior security professional and is responsible for owning and driving security projects and solutions to meet internal and customer security and compliance needs.

Able to work in US business hours (India evening shift). After-hours and/or on-call duty may be required.

Responsibilities include:

Strong technical writing skills to include the ability to provide clearly written and detailed reports on projects for communication to leadersThe design, implementation, and administration of information security solutionsSupport internal and customer auditing requirementsCreate internal and customer facing security architectures, standards, and proceduresAlign procedures, processes, and security tools to support a single global cybersecurity modelProvide guidance to and mentorship to other Engineers and the Security Operations CenterLead incident response as necessary per the Ensono Incident Response PlanEvaluate, test, and implement security application upgrades and patchesProvide consultative advice on threats and vulnerabilitiesInteract with other teams to create, maintain, and implement security hardening standardsDesign and maintain systems to comply with compliance standards such as SOC, PCI-DSS, etc.Perform or assist with penetration testing activitiesReview and approve architectures, applications, and networks using security best practicesProvide recommendations and assist with the creation of security product roadmapsConsult with product owners to ensure alignment of solutions to security product offerings

Knowledge and skills:

10 or more years of full-time experience in an information security positionAbility to lead or manage multiple security engineering projects simultaneouslyCloud security solutions such as Microsoft 365 Defender, Security as a Service implementationsKnowledgeable of network and cloud architecture concepts to include virtual firewalls and containersExceptional understanding of TCP/IP based networks, DNS, firewalls, encryption, security concepts, common attack vectors/typesGood understanding of malware classification, entry vectors and propagation channelsExperience with digital forensics, penetration testing, or leading Red-Blue Team activitiesStrong knowledge or experience with network anomaly detection toolsExperience with vulnerability scanning tools and experience evaluating vulnerability risksExperience with developing or implementing APIs across security toolsetsExperience working with 3rd party auditors and compliances such as for PCI-DSS, SSAE SOC1/SOC2, and/or ISO270001Experience with security incident response in a large enterprise environmentExperience with scripting such as VBScript, PowerShell, or PythonExperience in creating clear and robust security standards, procedures, and metric reportingAnti-malware applicationsSignificant knowledge or experience with SIEM architecture, implementation, and tuningHost and network based IDPS applicationsSecurity auditing and forensics tools (Metasploit)Experience in creating and implementing system hardening standards across the enterpriseCertificate management applicationsWeb application gatewaysSelf-driven in learning new security frameworks and technologiesManaged Security Service Provider (MSSP) experience desiredStrong communication skills with the ability to lead through influencing and collaboration

Education:

Security certifications such as CISSP, CISA, CISM, CEH, SANS GIACBachelor’s degree in information security or a related field of study