The Security Engineer’s responsibilities include security system deployments, configuration, monitoring and reporting. This position will have a lead role in performing risk management, vulnerability assessments, penetration testing, log analyzing, security incident response, and working with system, network engineering and development teams on remediation and mitigation of security risks. This position will have a primary role assisting internal and external compliance audits (PCI, SOX, GDPR). The Security Engineer is also responsible for developing, executing and maintaining enterprise security policies and procedures.
Responsibilities & Job Duties
• Daily monitoring of security infrastructure, security logs and tools.
• Maintain and optimize security monitoring and alerting systems.
• Perform penetration tests for web platform and game servers.
• Review system designs and architectures and make security-related recommendations.
• Develop, execute and maintain security policies and procedures.
• Lead incident response and security investigations.
• Conduct vulnerability assessments.
• PCI DSS, SOX and GDPR compliance management.
• Other duties as assigned.
• Bachelor's degree in a technical discipline (CS, CIS, EE) or equivalent work experience.
• 2+ years of experience in information security related roles.
• Experience with central logging tools, methodologies and best practices.
• Experience with penetration testing tools, procedures and best practices.
• Experience with firewall technologies, IPS/IDS tools, vulnerability scanning tools, and other infrastructure security tools.
• Experience with risk management methodologies and frameworks.
• Solid knowledge of Windows & Linux server systems and systems security.
• Solid knowledge of network and web related protocols and vulnerabilities.
• Solid knowledge of PKI concepts, patterns and practices.
• A practical understanding of implementing technologies and processes in support of regulatory requirements (PCI, SOX, GDPR).
• Familiarity with two-factor security systems.
• Ability to create and use scripts (bash, python, ruby, etc.).
• Excellent verbal and written communication skills.
• Self-motivated, flexible, and eager to constantly improve and expand skill set.
• Security related certifications e.g., CISSP, CISM, CISA, etc.
• Log parsing configuration development experience.