Senior Security Engineer

  • IT
  • 3 hours ago
  • Full Time

About the job

Job Title: Senior Security Engineer

Location: Any India-based remote or Ensono office location

Job Function Overview:

The Senior Security Engineer is an individual with a strong background in information security technologies and processes. The Senior Security Engineer, under the direction of the Security Engineering Senior Manager, will be part of an expanding team responsible for engineering security solutions for a global managed service provider. The Senior Security Engineer will participate in evaluating, developing, implementing, and maintaining security tools, standards, procedures and guidelines for multiple platforms and diverse system environments. The Senior Security Engineer will need to be able to ensure that the solution aligns with architectural and business models to achieve optimal solutions for Ensono and its clients.

This individual will have the opportunity to enhance their technical abilities while working across a variety of security technologies, including but not limited to vulnerability management, data loss prevention, intrusion detection/prevention, log management, security incident & event management, and firewalls. This position serves as a senior security professional and is responsible for owning and driving security projects and solutions to meet internal and customer security and compliance needs.

Able to work in US business hours (India evening shift). After-hours and/or on-call duty may be required.

Responsibilities include:

Strong technical writing skills, including the ability to provide clearly written and detailed reports on projects for communication to leaders

The design, implementation, and administration of information security solutions

Support internal and customer auditing requirements

Create internal and customer facing security architectures, standards, and procedures

Align procedures, processes, and security tools to support a single global cybersecurity model

Provide guidance and mentorship to other Engineers and the Security Operations Center

Lead incident response as necessary per the Ensono Incident Response Plan

Evaluate, test, and implement security application upgrades and patches

Provide consultative advice on threats and vulnerabilities

Interact with other teams to create, maintain, and implement security hardening standards

Design and maintain systems to comply with compliance standards such as SOC, PCI-DSS, etc.

Perform or assist with penetration testing activities

Review and approve architectures, applications, and networks using security best practices

Provide recommendations and assist with the creation of security product roadmaps

Consult with product owners to ensure alignment of solutions to security product offerings

Knowledge and skills

10 or more years of full-time experience in an information security position

Ability to lead or manage multiple security engineering projects simultaneously

Cloud security solutions such as Microsoft 365 Defender, Security as a Service implementations

Knowledge of network and cloud architecture concepts, including virtual firewalls and containers

Exceptional understanding of TCP/IP based networks, DNS, firewalls, encryption, security concepts, common attack vectors/types

Good understanding of malware classification, entry vectors and propagation channels

Experience with digital forensics, penetration testing, or leading Red-Blue Team activities

Strong knowledge or experience with network anomaly detection tools

Experience with vulnerability scanning tools and experience evaluating vulnerability risks

Experience with developing or implementing APIs across security toolsets

Experience working with third-party auditors and compliance standards such as PCI-DSS, SSAE SOC1/SOC2, and/or ISO 27001

Experience with security incident response in a large enterprise environment

Experience with scripting such as VBScript, PowerShell, or Python

Experience in creating clear and robust security standards, procedures, and metric reporting

Anti-malware applications

Significant knowledge or experience with SIEM architecture, implementation, and tuning

Host and network based IDPS applications

Security auditing and forensics tools (Metasploit)

Experience in creating and implementing system hardening standards across the enterprise

Certificate management applications

Web application gateways

Self-driven in learning new security frameworks and technologies

Managed Security Service Provider (MSSP) experience desired

Strong communication skills with the ability to lead through influencing and collaboration

Education:

Security certifications such as CISSP, CISA, CISM, CEH, SANS GIAC

Bachelor’s degree in information security or a related field of study