IT Security Engineer
San Diego, CA 92101
Are you ready to join a cool company that is a leader and innovator in their field? Join our team!
This Position is responsible for proactively maintaining the company’s information security systems, processes, and procedures to protect and preserve the confidentiality, integrity, and availability of all data and systems. This position will also drive company-wide support for security programs through the operationalization and documentation of all security-related tasks, working very closely with development & operations teams, product owners, and other groups.
Some of what you will be working on:
- Serves as a security expert and provides technical leadership to other staff members.
- Conducts security reviews of web applications, services, integrations, and APIs
- Pinpoints methods and attack surfaces attackers use to exploit weaknesses and logic flaws
- Conducts Cloud & Network infrastructure reviews, Systems infrastructure, Application configurations, and Software Code reviews.
- Reviews, maintains and enhances current scanning and testing tools
- Manually verifies security vulnerabilities identified by automated tools
- Documents identified security vulnerabilities and related matters in a clear, concise and timely manner
- Meet with the operations and application teams to review, describe and explain identified security vulnerabilities and possible remediation
Our successful candidate:
- 3 years of combined IT and security work experience with a broad range of exposure to systems analysis, application development, database design and administration; minimum of 2 years of experience with information security
- Preferred certifications include OSCP, CEH, Sec+, CISSP, CISM, CSSLP, and/or CISA
- Strong understanding of security controls/services in public cloud environments (AWS/Azure)
- AWS Certified Security Specialty
- Experience on a Security Operations or DevSecOps team, or experience responding to security incidents autonomously utilizing excellent coding skills.
- Strong understanding of cloud and Kubernetes networking and network security.
- Experience in technologies such as Terraform/, Azure DevOps, encryption technologies, IAM, K8s, and containers.
- Understanding the best practices, control frameworks, and applicable existing and new legal/regulatory requirements (e.g., SEC Regulation S-P, FINRA cybersecurity recommendations, data privacy and breach notification laws, ISO 27001, NIST CSF and SP 800-53, CIS, CSA CCM, and PCI DSS)
- Experience with other security solutions, such as EDR, SASE, firewalls, DLP, NAC, IDS/IPS, and vulnerability assessment tools
- Knowledge of security frameworks and standards, including MITRE Att&CK, OWASP, and NIST
FOR OTHER OPPORTUNITIES AT TRISTAFF, PLEASE VISIT OUR WEBSITE AT www.tristaff.com