Security Engineer

Summary

Join EVOTEK as a Security Engineer and be responsible for testing, installing, configuring, and maintaining security solutions and monitoring infrastructure for threats. Collaborate with client teams on security tool implementation and administration, and communicate findings to relevant parties. Engage in longer-term Resident Engineer positions with specific clients. Develop and document security standards and policies, and assist with the installation and operation of new security products. Discover and recommend security enhancements, participate in vulnerability scans and remediation, and undertake system hardening efforts. Monitor infrastructure for breaches and irregular system behavior, ensuring timely and accurate information regarding security concerns. Participate in incident response and investigations, and assist with client staff education. Develop automation solutions and test security solutions using industry standards. Help plan and implement information security strategies and recommend modifications in legal, technical, and regulatory areas.

Requirements

• 5-10 years' experience in Information Security and Engineering
• A strong background in both data / information security and system engineering
• Possession of both deep and wide expertise in the security space
• Having a breadth of experience with security solutions and concepts overall, while also having deep knowledge of several specific security solutions/tools
• Experience deploying, troubleshooting, integrating with, managing, and maintaining security solutions (think email security gateways, network security tools, SIEMs, Antivirus/EPP technologies, etc.)
• Experience monitoring infrastructure and systems for security breaches or intrusions
• Familiarity with regulatory requirements (GDPR, CCPA, HIPAA, PCI DSS, etc.)
• Deep understanding of server operating systems (Windows Server and Linux [multiple variants] are most common)
• Excellent communication skills, both written and verbal
• Documentation of security tools, deployment configuration, incident reports, etc
• Communication with client teams on the above as well as clear explanation of concerns, findings, and incidents

Responsibilities

• Test, install, configure, and maintain security solutions/tools
• Monitor infrastructure (networks and systems) for unusual activity, security breaches, and/or intrusions
• Work closely with client teams on the implementation, maintenance, and administration of security tools
• Communicate findings, incidents, and concerns to relevant team members and leadership in a timely manner and work with teams to address and remediate those findings and concerns
• Work with client and team members to develop and document security standards and policies
• Assist with installation, configuration, and operation of new security products and procedures
• Deploy, troubleshoot, maintain, and administer security solutions (such as Endpoint Protection, SIEMs, Vulnerability Management solutions, email security gateways, event logging solutions, etc.)
• Discover and recommend security enhancements to client teams
• Participate in, or conduct, vulnerability scans of client environments
• Work with client teams prioritize and remediate discovered vulnerabilities
• Undertake system and infrastructure hardening efforts per standardized benchmarks (E.g.: CIS benchmarks, CIS-CAT assessments, NIST standards, etc.)
• Installation and configuration of solutions that monitor for and notify when unusual behavior is detected
• Monitoring infrastructure for security breaches or intrusions (via security tools and solutions)
• Monitoring for irregular system behavior
• Ensure that client organizations have detailed, timely, and accurate information regarding security concerns, security findings, and incidents
• Participate in, and sometimes lead, incident response activities
• Participate in, and sometimes lead, investigations into how incidents and/or breaches occur
• Participation in security tabletop exercises
• Assist with the education of client staff members on information security through training and awareness
• Develop automation solutions (scripts, etc.) to handle and track incidents
• Test security solutions using industry standard analysis criteria
• Help plan and implement an organization’s information security strategy
• Recommend modifications with regards to legal, technical, and regulatory areas

Preferred Qualifications

• Experience with AWS and/or Azure environments is a plus
• Experience with MS 365 is a plus
• Experience in some specific industry verticals (healthcare, biotechnology, government, department of defense) is helpful

Benefits

• Salary commensurate with years’ of experience, technical expertise and geographic location
• Salary range: $100,000 to $150,000
• Performance bonuses
• Benefits package that includes 100% paid medical, dental and vision for the employee
• 401(k) with employer match
• Strong company culture
• Flexible PTO policy
• Flexible working arrangements
• Annual company overnight retreat