Information Security Engineer at Verato
McLean, VA, US

We’re seeking an Information Security Engineer to help us achieve a world-class operational, infrastructure, application, and incident response posture to protect critical assets for the company and its customers. You will have a broad understanding of the modern cyber security landscape, with a background in intelligence gathering, incident response, application security, and process documentation. You will work with a team of accomplished Engineers and Data Scientists, and will be relied on as a technical contributor with a focus not only on engaging in the right activities, but achieving the right results.

What You Need for this Position

Your education, skills, and experience position you to provide immediate help in as many of these areas as possible, with bonus points for in-depth experience in understanding of key subdomains.

Risk Assessment

  • Vulnerability scans
  • Penetration tests (incl. social engineering)
  • 3rd Party (e.g., vendor) risk assessment
  • Data-centric risk assessment

Threat Intelligence

  • Internal
  • External
  • Online Threat Information Sources
  • Indicators of Compromise

Security Operations

  • SIEM
  • Vulnerability Management
  • Data Loss/Leakage Prevention
  • Incident Response

Security Engineering

  • Security Architecture
  • Identity and Access Management
  • Access Control, SSO
  • Secure Software Development
  • Cryptography

Cloud Security

  • AWS Roles, Policies, Resources and Credentials
  • User provisioning, SAML, OpenID Auth, etc.

Qualifications (The more of these you can satisfy, the better):

  • Bachelor’s degree (CS, EE, etc. preferred) or equivalent experience
  • CISSP certification or similar a plus
  • Experience with SIEM technologies, and best practices for visibility into events
  • Malware detection, analysis, exploitation, containment, and eradication techniques
  • Skill in Penetration Testing, Vulnerability Management, Threat Vector Analysis, Intrusion Detection and Prevention, Incident Management and Response, Web Application Security, Risk Assessment and Mitigation Methodologies, and Counter Threat Operations
  • Experience monitoring and managing network and host-based intrusion prevention systems, malware prevention systems, vulnerability scanning solutions, DDOS protection, SIEM, host-based integrity checking, endpoint security and AV
  • OS X, Linux, Windows
  • Experience applying knowledge of information security concepts and theories through technical and non-technical methods
  • Solid understanding of cyber security threats, risks, vulnerabilities, and attacks, giving insight into threat actor motives, capabilities, and techniques
  • Demonstrated ability to meet deliverables, timetables, and deadlines
  • Personal integrity and high ethical behavior at all times to inspire confidence in clients, peers, partners, and employees
  • Knowledge of current and emerging security and information technology standards and practices
  • Acquaintance with security compliance regimes: NIST, PCI-DSS, ISO 27000, HITRUST, HIPAA CIS, etc.
  • U.S. Citizenship or Permanent Resident is required
  • Able to pass a public trust security clearance