Our client seeking an experienced hands-on Senior Application Security Engineer (with Azure) and experience with DevSecOps to be based out of our client's Corporate Headquarters in McKinney, Texas. The Security Application Engineer is primarily responsible for all ongoing activities related to the availability, integrity, and confidentiality of employee, and business information in compliance with SRS security policies and procedures, regulations, and law.Required:
DevSecOps exposure/experience and ability to articulate experience
Duties and Responsibilities
- Respond to information system security incidents, including investigation of, countermeasures to, and recovery from computer-based attacks, unauthorized access, and policy breaches; interact and coordinates with third-party incident responders, including law enforcement.
- Develop information security plans and policies.
- Develop a set of security standards and best practices for the organization, and recommend security enhancements to management as needed.
- Defining technical and non-technical information security standards; i.e. PCI Compliance, NIST CSF, procedures, and guidelines in accordance with compliance and regulatory requirements;
- Perform technical security control assessments, and baseline validations to identify vulnerabilities, and control deficiencies as part of the continuous monitoring program.
- Measuring, analyzing, and reporting on information security metrics and incidents.
- Supporting Information Asset Owners(IAOs) and company leadership in the definition and implementation of controls, processes, and supporting tools to comply with the policies and manage information security risks.
- Monitoring compliance with SRS security policies and procedures among employees, contractors, alliances, and other third parties and taking corrective action when necessary;
- Managing information security incident response, Supporting IAOs in the investigation and remediation of incidents or other policy violations;
- Organizing and maintaining security awareness campaigns for personnel to enhance the security culture.
- Assisting with the development of disaster recovery and business continuity plans for information systems and testing readiness.
- Monitoring advancements in information security technologies, changes in legislation, and accreditation standards that affect the organization.
- Provide Subject Matter Expert (SME) support for the development and review of security configuration standards for company systems, users, and environment including compliance requirements and other supporting platforms/systems.
- Serving as an internal information security consultant to the organization.
- Other duties as assigned.
- Up to 10% travel
Education and Work Experience
- Demonstrated and proven technical and operational management experience or equivalent experience. Ability to assess, analyze, and propose efficient and cost-effective solutions to identified risks; Policy and procedure writing experience required. Strong interpersonal skills, strong organizational skills, a positive attitude, and customer service orientation.
- Minimum of five (5) years in an information security role, information security or IT operations with technical knowledge and hands-on experience in information technology areas such as:
- Implementation/Administration w/Information Security Tools Penetration Testing Information Security Incident Handling Information Security risk assessment, risk mitigation, and incident response experience
- Cloud Security framework (Azure, AWS , tools like wiz.io)
- Identity Access and Authentication (Microsoft AD, Office 365)
- Internet Security (zscaler or other tools)
- Data Loss Prevention (zscaler or other tools)
- Email Security (Proofpoint)
- SIEM Solutions like Splunk, Sumologic
- Network Security and Firewalls (Palo Alto )
- Multi-factor authentication and Single Sign-on capabilities (Okta, Ping Identity )
- Vulnerability Management tools (Tenable, Qualys)
- CISSP, CISM, CISA, and/or certifications preferred or working to achieve; Knowledge of relevant systems and tools such as directory services, firewalls, user provisioning, identity and access management, auditing, cloud security, endpoint protection, GRC, SIEM