Senior Security Engineer
GreenSky
- Atlanta, GA
- Permanent
- Full-time
- Develops and maintains a security architecture process that enables the enterprise to develop and implement security solutions and capabilities that are clearly aligned with business, technology and threat drivers.
- Ensures authorized access by investigating improper access, revoking access and reporting violations. Collaborates with infrastructure teams to implement, maintain, monitor and audit usage and secure storage of privileged credentials.
- Ensure compliance of corporate security policies and practices.
- Plan, test and deploy server endpoint software necessary to provide protection from and monitoring of threats.
- Technical team lead for other security engineers.
- Ensure the security software of all endpoints within the corporate network, for remote users and for satellite offices is current and deployed appropriately to provide best available security protection.
- Plan, test and implement appropriate updates, deployments, and rollouts as needed to ensure the integrity of the security software on all company endpoints.
- Monitor log files, dashboards and other appropriate data sources to provide periodic management reporting and input to the life-cycle improvement process.
- Work with the sysadmin teams on any security policy updates in tools such as O365, Mimecast, and any other mail programs.
- Develops security strategy plans and roadmaps based on sound enterprise architecture practices
- Develops and maintains security architecture artifacts (models, templates, standards and procedures) that can be used to leverage security capabilities in projects and operations
- Determines baseline security configuration standards for operating systems (e.g., operating system hardening), network segmentation, and identity and access management (IAM)
- Drafts security procedures and standards to be reviewed and approved by executive management and the individual responsible for overall security direction.
- Validates IT infrastructure and other reference architectures for security best practices, and recommends changes to enhance security and reduce risk where applicable
- Validates security configurations and access to security infrastructure tools, including firewalls, intrusion prevention systems (IPSs), web application firewalls (WAFs), anti-malware/endpoint protection systems, etc.
- Ensures that a complete, accurate and valid inventory is conducted of all systems, infrastructure and applications that should be logged by the security information and event management (SIEM) or log management tool.
- Reviews network segmentation to ensure least privilege for network access.
- Bachelor's degree in Information Technology. An equivalent combination of education and work experience may be taken into consideration in lieu of a degree
- Minimum of 5 years’ experience in information technology and system administration
- Full-stack knowledge of IT infrastructure:
- Applications
- Databases
- Operating systems (Windows, UNIX and Linux)
- Hypervisors
- IP networks (WAN, LAN)
- MS Exchange
- SCCM/Intune/JAMF or a similar deployment tool experience
- Direct experience designing IAM technologies and services (e.g., Active Directory, LDAP, Amazon Web Services’ [AWS’] IAM)
- Strong working knowledge of IT service management (e.g., ITIL-related disciplines):
- Change management
- Configuration management
- Asset management
- Incident management
- Problem management
- Experience designing the deployment of applications and infrastructure into public cloud services (e.g., AWS or Microsoft Azure)
- At least one of these scripting languages: PowerShell, Python, JavaScript
- Linux experience a plus.
- Exceptional verbal and written communication skills
- CISSP, CCNA, GIAC, GCIA, GCIH, GSEC, Security+ or similar certification desirable
- Operating systems and networking certifications desirable
- Knowledge of industry standards including ISO 27001, NIST, HIPAA, PCI-DSS, etc.
- Experience with firewalls like Palo Alto, Cisco, Linux iptables/netfilter
- Results oriented, willing to accept challenges dynamically and prioritize accordingly to business needs.
- Availability to work non-standard hours during maintenance windows, business continuity, disaster recovery and/or security incidents
- Adaptability: Demonstrates flexibility within a variety of changing situations, while working with individuals and groups. Changes his or her own ideas or perceptions in response to changing circumstances. Alters standard procedures, when necessary, and multitasks when required.
- Business acumen: Demonstrates an awareness of internal and external dynamics, and an acute perception of the dimensions of business issues.
- Openness to learning: Takes personal responsibility for personal growth. Acquires strategies for gaining new knowledge, behaviors and skills. Builds on and applies existing knowledge.
- Versatility: Ability to work effectively with different types of scenarios and challenges. Ability to address tasks and projects for which no precedent exists in the organization.