Senior Security Engineer

Job Title: Senior Security Engineer

Location: Any India based remote or Ensono office location

Job Function Overview:

The Senior Security Engineer is an individual with a strong background in information security technologies and processes. The Senior Security Engineer, under the direction of the Security Engineering Senior Manager, will be part of an expanding team responsible for engineering security solutions for a global managed service provider. The Senior Security Engineer will participate in evaluating, developing, implementing, and maintaining security tools, standards, procedures and guidelines for multiple platforms and diverse system environments. The Senior Security Engineer will need to be able to ensure that the solution aligns with architectural and business models to achieve optimal solutions for Ensono and its clients.

• Strong technical writing skills to include the ability to provide clearly written and detailed reports on projects for communication to leaders
• The design, implementation, and administration of information security solutions
• Support internal and customer auditing requirements
• Create internal and customer facing security architectures, standards, and procedures
• Align procedures, processes, and security tools to support a single global cybersecurity model
• Provide guidance to and mentorship to other Engineers and the Security Operations Center
• Lead incident response as necessary per the Ensono Incident Response Plan
• Evaluate, test, and implement security application upgrades and patches
• Provide consultative advice on threats and vulnerabilities
• Interact with other teams to create, maintain, and implement security hardening standards
• Design and maintain systems to comply with compliance standards such as SOC, PCI-DSS, etc.
• Perform or assist with penetration testing activities
• Review and approve architectures, applications, and networks using security best practices
• Provide recommendations and assist with the creation of security product roadmaps
• Consult with product owners to ensure alignment of solutions to security product offerings

• 10 or more years of full-time experience in an information security position

• Ability to lead or manage multiple security engineering projects simultaneously

• Cloud security solutions such as Microsoft 365 Defender, Security as a Service implementations
• Knowledgeable of network and cloud architecture concepts to include virtual firewalls and containers
• Exceptional understanding of TCP/IP based networks, DNS, firewalls, encryption, security concepts, common attack vectors/types
• Good understanding of malware classification, entry vectors and propagation channels
• Experience with digital forensics, penetration testing, or leading Red-Blue Team activities
• Strong knowledge or experience with network anomaly detection tools
• Experience with vulnerability scanning tools and experience evaluating vulnerability risks
• Experience with developing or implementing APIs across security toolsets
• Experience working with 3rd party auditors and compliances such as for PCI-DSS, SSAE SOC1/SOC2, and/or ISO270001
• Experience with security incident response in a large enterprise environment
• Experience with scripting such as VBScript, PowerShell, or Python
• Experience in creating clear and robust security standards, procedures, and metric reporting
• Anti-malware applications
• Significant knowledge or experience with SIEM architecture, implementation, and tuning
• Host and network based IDPS applications
• Security auditing and forensics tools (Metasploit)
• Experience in creating and implementing system hardening standards across the enterprise
• Certificate management applications
• Web application gateways
• Self-driven in learning new security frameworks and technologies
• Managed Security Service Provider (MSSP) experience desired
• Strong communication skills with the ability to lead through influencing and collaboration

• Security certifications such as CISSP, CISA, CISM, CEH, SANS GIAC
• Bachelor's degree in information security or a related field of study