Senior Security Engineer Vesta
Employment Type:Full Time
Support network security efforts such as firewall audits, network design reviews and internal security consulting.
Audit Information Systems and Network devices against corporate security standards and PCI requirements.
Oversee network security tools such as IDS/IPS, application and system scanning programs.
Keep current with new developments in security industry including alerts, bugs, vulnerabilities, and viruses and evaluate and report on their potential business impact.
Keep current with the progress of technology in the network security space in areas of network design, security products such as firewalls, IPS/IDS, wireless security, VPN.
Develop reports and metrics to communicate team accomplishments and security status of various environments.
Provide thought leadership for security technologies in use at Vesta.
Document findings from tests in reports to technology management, along with proposed remediation plans.
Anticipate and understand threats to Vesta?s business at large and build a plan to verify and document those threats.
Develop a familiarity with new and existing tools in the application security testing space and identify opportunities for Vesta to leverage those tools. Generally act as the company expert on application security.
Independently plan and execute safe penetration tests that maximize the learning opportunity and value of those tests without putting the business at risk.
BS/MS in Computer Science/Information Security or BS/MS and relevant experience in Information Security.
6+ years experience in Information Technology with a minimum of 3+ years in corporate or information security with experience in technical audits, analysis and design. (certifications such as CISSP, GIAC, PCI ISA, or similar such as experience at a certified PCI QSA arepreferred).
3+ years experience in one or more of the following: Technical Safeguards (network access controls, encryption/decryption of electronic transmissions, network segmentation, authentication/authorization), Administrative Safeguards (security policy and procedure).
Experience performing technical audits of computer systems and network for regulatory compliance purposes.
Working knowledge of PCI, HIPAA, and SOX leading security practices.
Experience in network infrastructure security with hands on experience in two or more of the following:
Familiarity and a working knowledge of general security administration processes and frameworks, metrics collection and reporting.
Familiarity and working knowledge of Unix/Linux and Windows host operating systems and security capabilities.
Familiarity with application security concepts and frameworks such as OWASP.
Strong communication, organizational, interpersonal, time management, and project management skills.
Ability to work as an individual contributor and supervise and direct the work of others.
||11950 Southwest Garden Place |
Portland, OR 97223