We look for creative collaborators who evolve, adapt to change and thrive in a fast-paced global environment. Change the world by connecting people and capital with ideas. Solve the most challenging and pressing engineering problems for our clients. Join our engineering teams that build massively scalable software and systems, architect low latency infrastructure solutions, proactively guard against cyber threats, and leverage machine learning alongside financial engineering to continuously turn data into action. Create new businesses, transform finance, and explore a world of opportunity at the speed of markets.
JOB DESCRIPTION & RESPONSIBILITIES
Become an expert in the Company's technology stack to understand points of weakness and opportunities for security solutions.
Assist in monitoring Company's IT control environment to identify key risks, related controls and gaps, document and report results to management.
Assist with third party vulnerability testing process; document and report results to management.
Collaborate with internal stakeholders on addressing systemic security issues.
Perform monitoring of security tools and oversee remediation of items identified.
Proactively identify threats and vulnerabilities, and collect, correlate, and analyze data to detect actual or potential security related incidents, and ensure timely remediation by the applicable party.
Identify, implement, and maintain the controls and procedures required to cost effectively and uniformly protect Compay's information system assets.
Monitor, track, and document information security related incidents to ensure a prompt and efficient resolution.
Provide support and evidence collection for internal and external audits and risk assessments.
Consults with management to assist with developing corrective action plans for identified audit, risk, Information Security, and IT findings.
Research, design, and participate in or lead the implementation of security initiatives.
Stay current on the latest information technology and security trends; recommend corrective actions as identified and needed through Information Security initiatives.
Assist in developing Company's-wide best practices for IT and Information security.
PRIMARY SKILLS
4-6 years of experience with design, testing, development, migration & integration within a medium-to-large organization.
Experience conducting vulnerability scans and validating scan data across workstation, server, network, and peripheral devices.
Operational experience with Vulnerability scanning, Incident Response, Endpoint Detection and Response, Monitoring and Logging including hardware refresh, software testing, software upgrades, and complex troubleshooting techniques.
Current experience in security threats, solutions, security tools and network technologies along with a keen ability to diagnose and troubleshoot technical issues.
Proven knowledge of core AWS products and services (e.g. VPC, EC2, S3, RDS, ELB, ALB, WAF, Lambda), AWS (Iaas & Paas Components).
Proficiency is one or more programming languages (Python, Java, Go etc.)
Proficiency in both Windows and Linux architectures.
Hands-on experience with vulnerability scanning tools: for example, tools such as Qualys, Rapid7 -Nexpose, or Tenable – Nessus, etc.
Hands-on experience with EDR tools: for example, tools such as Tanium, Crowdstrike, Cisco AMP, McAfee, etc.
Working knowledge of network monitoring, management, and analysis tools such as, Splunk, Loggly, Kibana, or similar.
Experience with deployment orchestration, automation, and security configuration management (Jenkins, Puppet, Chef, Cloudformation, Terraform, Ansible) preferred.
Ability to utilize a variety of tools like Stash, Git, Nexus, Jenkins, Gradle, Groovy, YML, and AWS security capabilities (WAF, GuardDuty, Security Groups, IAM, etc)
Familiarity with configuration baseline standards such as CIS Benchmarks or DISA STIGs.
Strong communication and presentation skills
Certifications such as CISSP, GSEC, CEH etc. (nice to have)
Design, Testing, Development, Migration, Integration, Vulnerability Scanning, Incident Response, Endpoint Detection And Response, Monitoring, Logging, Troubleshooting, AWS, Python, Java, Go, Windows, Linux, Qualys, Rapid7 Nexpose, Tenable Nessus, Tanium, Crowdstrike, Cisco AMP, McAfee, Splunk, Loggly, Kibana, Jenkins, Puppet, Chef, Cloudformation, Terraform, Ansible, Stash, Git, Nexus, Gradle, Groovy, YML, WAF, GuardDuty, Security Groups, IAM, CIS Benchmarks, DISA STIGs.