● Utilize software tools to scan applications for vulnerabilities
● Categorize and report on documented vulnerabilities
● Perform manual vulnerability assessments on web applications
● Perform assessments in various cloud and on premise
● Provide security engineering expertise to application teams to enhance security posture.
● Develop secure application architectural designs
● Ensure applications and infrastructure meet standards for security as defined by CIS and
● Utilize publicly available Common Vulnerabilities and Exposures (CVE) to analyze and
probe system weaknesses.
● Demonstrate proficiency in security architectures in large datacenter environments:
DNS/DHCP, Load Balancing (F5 Networks, AWS ELB & ALB), Firewalls (Cisco, Palo Alto,
Fortinet, & Juniper Networks), IDS/IPS, IPsec VPN
● Ensure that all solutions follow security, compliance controls, and conformance to firm’s IT
● Provide concise reports to management and security teams regarding vulnerability
● AWS, Windows Server, RHEL, Ansible, SAML, GitHub, Chef, Puppet, Jenkins.
Skills and Qualifications
● Proven hands-on Security Engineering experience dealing with Network Engineering as well as Software Engineering.
● Basic manual assessment / penetration testing skills
● Solid understanding of the OSI or TCP/IP model
● Strong experience with cloud software design patterns (microservices, messaging, distributed
caching, container security, etc.)
● Developer background, 5 years of experience with programming in at least one common
object-oriented language (Java, C#, C++, Python, Ruby, etc.)
● Experience with continuous integration concepts and tools, such as Bamboo, Jenkins, Microsoft
TFS, TeamCity, etc.
● Knowledge of Risk Controls frameworks and Audit procedures (27000/1/2, NIST 800-53/
SOC2, DFARS, Privacy Shield, etc.)
● Ability to script on multiple operating systems: Linux (Bash), Windows (PowerShell)