Senior Security Engineer

Act as a technical subject matter expert for the department regarding information and cyber security technologies and landscape. Perform software security tasks of a highly complex nature which require extensive research and analysis.  Assume project and technical leadership roles across the department. 

Responsibilities 

• Perform a digital footprint analysis, classifying assets and their sensitivity levels.  Define, harmonize, centralize, and manage the security logging and monitoring practice across customer facing products and development infrastructure.  Monitor and manage suspicious activity.  Prioritize and fine-tune settings and recommend hardening techniques to move issues towards resolution.
• Evaluate, test and implement new security technologies and/or tools that enhance detection and response capabilities. Install and configure firewalls, SIEMS, and endpoint security software.  Stay up to date on the latest emerging security technologies and how they might impact or be leveraged for the security of Software Development products and systems. 
• Assume a leadership role and drive consensus in educating teams regarding security strategy, landscape, protocol, and technologies.  Collaborate with team members to identify key security gaps and areas for improvement.  Conduct training sessions and workshops for team members and employees to raise awareness about security threats.  Assist with the high-level architectural design of software products as it relates to software security.
• Anticipate, audit and act as a critical business continuity team member. Assist in real-time security incident handling to ensure efficient mitigation and remediation efforts, minimizing risk and impact to the company.  Work closely with teams to ensure that learnings are used to make development’s internal systems and products more secure and resilient to future attacks.

Qualifications

• Bachelor's degree in Cybersecurity, Computer Science, IT, or a closely related discipline or equivalent experience.
• Deep knowledge of cloud security principles and tools including SIEMS, intrusion detection and prevention systems, log analytics, Microsoft Defender, Azure Sentinel and Azure DevOps.
• Experience managing application or DevSecOps “Blue Team” security programs.
• Proven experience in application security, including threat modeling, secure coding, and vulnerability management.
• Strong understanding of web application architectures, technologies, and protocols.
• Familiarity with industry standards and frameworks such as OWASP, ISO 27001, and NIST.

The following is also desirable:

• Information/Cyber Security certification such as CISSP or CompTIA+.
• Experience with source control systems such as Team Foundation Server or Git.
• Ability to discover and patch SQLi, XSS, CSRF, SSRF, authentication and authorization flaws, and other web-based security vulnerabilities (OWASP Top 10 and beyond).
• Experience with standard web application security tools such as Arachni, Brakeman, and BurpSuite.
• Familiarity with security best practices for Kubernetes based cloud applications.
• Experience using an agile development process.

Minitab is an equal opportunity employer