Lead Security Engineer- Remote

Apply for this position Please mention DailyRemote when applying
timePosted 5 days ago location United States salarySalary undisclosed
Before you apply - make sure the job is legit.

Attempting to apply for jobs might take you off this site to a different website not owned by us. Any consequence as a result for attempting to apply for jobs is strictly at your own risk and we assume no liability.

Job Description

Overview:

Job Description

DFW Technology company looking for senior level security professional to establish and build a comprehensive security program. This includes setting policies, procedures, guidelines and staffing.


Responsibilities

  • Lead a SecOps team that is responsible for the implementation of all Cloud-Native security and corporate controls
  • Provide technical leadership through mentoring, a commitment to technical excellence, accountability, transparency, and skills development
  • Responsible for screening and testing the organization's security software for vulnerabilities, including existing systems and any new software they might obtain
  • Partner with Security and Compliance teams to identify, manage, document, and implement best practices and automated controls for cloud and internal solutions
  • Stay up to date with the latest application security developments and security trends to continually improve internal processes
  • Assess current applications and architecture to determine methods for automating security testing and control validation
  • Contribute to technical design, product and vendor selection, application and technical architectures related to SecOps, transformation and automation efforts
  • Establish, document, and maintain the security and regulatory posture of platforms and solutions
  • Respond to security incidents by conducting incident response activities involving containment to remediation and lessons learned
  • Collaborate with the operations team to understand the risk of the vulnerabilities at the time of discovery as well as if new information, such as an exploit in the wild, requires reprioritization or a change in tactics
  • Partner with the Development team to understand and address security requirements early in the software development life cycle (SDLC)

Skills & Qualifications

  • Bachelor's Degree in Computer Science or similar
  • 4+ years of experience with Agile, SecOps practices working with cross-functional teams and integrating security into a CI/CD environment
  • 1+ years of experience with securing cloud systems
  • Deep experience with security incident response, including process, metrics, and operational execution
  • Solid Experience in performing security vulnerability assessment and deployment of relevant tools ( i.e Nessus, other )
  • Strong WAF and Security Modelling, proven experience writing WAF rules
  • Knowledge of any CyberSecurity Frameworks such as CIS, NIST, ISO, COBIT
  • Understanding of SecOps principles, tools, and their application for Cloud-Native Applications including Terraform, Kubernetes, Docker, Istio, Envoy
  • Hands-on experience in security systems, including firewalls, intrusion detection systems, authentication systems, log management, content f iltering, penetration test tooling (based on NIST CSF / OWASP), and automated vulnerability testing
  • Broad knowledge of security monitoring, prevention, and control techniques and how they can be applied in a traditional IT environment as well as cloud-based systems

Pluses

  • Experience with the use and deployment of Nginx, Postgres, Redis, Memcached, GitLab/GitHub, and the Atlassian platform
  • Experience with cloud-based security management / IDS /IPS / SIEM / DLP tools such as Splunk, AlienVault, AlertLogic, Prisma Cloud, Threat Stack, OWASP ZAP, OWTF
  • Experience with one or more SSO methodologies (SAML, LDAP, MS AD)
  • Experience leading Computer Incident Response Team (CSIRT)
  • Experience creating and implementing Data Classification Policy and Data Loss Prevention controls
  • Experience establishing compliance and system hardening using CIS frameworks and vulnerability scanners
  • Preferred certifications: CISSP, Security+, CEH, CCSP, ITIL, CISM