Security Engineer; On-Call

Principal Duties and Responsibilities

• Monitor the environment for potential security risks and anomalies
• Analyze and triage of security alerts escalating incidents when necessary
• Produce detailed documentation of analysis and response activities
• Coordinate remediation efforts with other team members as necessary
• Assist with creating and tuning security monitoring use cases
• Assist with creating and improving Threat Management process and procedure
• Generate periodic security metric reports
• Design and conduct formal penetration tests on web-based applications, computer networks, embedded systems and other types of cyber-physical systems to include analysis of the system "as designed", "as built" and "as operating".
• Conduct security assessments of servers, computer systems, and networks to include security audits from both a logical/theoretical standpoint and a technical/hands-on standpoint.
• Understand security aspects related to wireless networks, databases, software development, software applications and company proprietary information

• Bachelor's degree in IT or equivalent experience
• Familiarity with a variety of network architectures, network services, system types, network devices, development platforms and software suites (e.g. Windows, NIX, Oracle, Active Directory, .NET, etc.)
• Knowledge and experience in web application configuration in particular experience with the Linux, Apache, MySQL, PHP (LAMP) stack
• Working understanding of OWASP Top 10 vulnerabilities, how they are exploited, and a notion of how to they are fixed
• Understand the risks/impact your 'attack' will have on the business and its users and work with customer to establish processes to meet security objectives without impacting operations
• A good understanding of Penetration testing methodology (recon [active & passive], vulnerability analysis, exploitation, lateral movement, and reporting) or PTES, MITRE ATT&CK, etc
• Conduct remote testing of a client's network or onsite testing of their infrastructure to expose weaknesses in security
• Administration or support experience in a large enterprise environment
• Awareness of the incident response lifecycle
• Strong written and oral communication skills
• Participate in special projects as needed and perform other duties as assigned
• Must be able to work independently as well as work as part of a fast moving team
• Certifications including but not limited to OSCP, CEH, CCNA, Security+
• This position is a part-time on-call as needed position.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.