The Senior Security Engineer's job is to increase OCC's security posture by security testing new and existing assets. Team members must ensure the availability and integrity of OCC's operational systems and self-disclose identified findings in a timely/proactive manner.
Members of the Blue team are expected to have exceptionally strong ethics, integrity and be accountable for their actions. The Blue team must have a healthy, competitive and bar-raising relationship with the individuals who monitor and deploy OCC's preventative and detective controls.
The ideal candidate will have extensive experience in more than one of the following security testing domains: Network/Application, Web Application, and Mobile Application. This candidate must be driven, a stellar communicator, enthusiastic, a good mentor and have the desire to stay ahead of today's emerging threats and actor techniques.
Primary Duties and Responsibilities:
To perform this job successfully, an individual must be able to perform each primary duty satisfactorily.
* Conduct various Blue team activities such as: Network/Application Penetration Testing, Web Application Penetration Testing, Mobile Application Testing and Physical Security Testing.
* Maintains knowledge base on high profile, public cyber security breaches and able to quickly understand and articulate their associated actors, exploits and opportunities to improve OCC's specific defense capabilities.
* Perform security risk assessments of technologies and technology management processes
* Perform independent reviews of OCC's security, network, and applications.
* Stay on-time, on-budget, and within scope of testing activities.
* Develop clear, detailed reports and recommendations based on concrete evidence.
* Debrief users and provide remediation strategy on findings.
* Ensure alignment of security controls in OCC's testing program and supporting services and related policies and procedures with applicable regulations and industry standard best practices.
* Participate in developing security best practices and implement new ideas and innovations according to the industry trends.
* Adhere to the best practices and work for delivering secured and quality products.
* Consult with technical experts and system owners on all aspects of Information Security and Compliance.
* Work closely with Production Support staff, Incident Response, IT infrastructure and developer teams to improve organizational security posture.
* Support OCC's security objectives and remediation efforts.
* Cross-train the Security Engineering Blue team members.
* Participate in "Lessons Learned" process to provide information to help OCC improve practices, methodologies, tools, and other technologies.
* Participate in technical committees and provide input and feedback to partners.
* Stay current on emerging technology trends and the threat landscape.
* Advise IT on current and emerging threats, their attack vectors, and how to mitigate them.
* Provide leadership, share knowledge and mentor team members.
* Train full-time and contingent Security Testing Blue team personnel.
* Support Security Assurance management and activities and be a Team Player.
* Perform other duties as assigned.
The requirements listed are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the primary functions.
* High energy, results driven person with an attention to detail.
* Exceptional analytical, problem solving and troubleshooting skills with the ability to exercise good judgment while developing creative solutions.
* Exceptional tactical planning skills based on long-term strategic goals.
* Exceptional verbal/written communication skills to be able to articulate ideas clearly and concisely.
* Excellent listening skills.
* Excellent focused domain areas of expertise as well as a good breadth of experience across Network/Application Penetration Testing, Web Application Penetration Testing, Mobile Application Penetration Testing and Physical Security Testing.
* Proven due diligence and research ability via open source avenues and technology.
* Strong familiarity with enterprise technologies; strong technical background and understanding of security-related technologies.
* Good applicable knowledge of policy and procedure development, systems analysis, Information Assurance (IA) policy, vulnerability management, and risk management
* Good understanding of regulatory standards including PCI, SSAE 16, SAS 70, HIPPA, NIST, FIPS 199, COBIT 5 and others as needed.
* Strong knowledge of cryptography (symmetric, asymmetric, hashing) and its various applications.
* Strong knowledge of common enterprise infrastructure technology stacks and network configurations.
* Exhibit ability to understand and probe/exploit a diverse range of Network and Internet Protocols.
* Exhibit ability to understand and modify code in a diverse range of programming languages and frameworks; must have direct practical experience with one or more high level programming language.
* Ability to facilitate meetings and conversations.
* Ability to work with business users, understand their needs and translate those needs to the final project deliverables.
* Nice to have experience working on critical infrastructure in a regulated environment.
* Cloud services experience in securing IaaS, PaaS, or SaaS.
* Familiarity with DevSecOps
* Strong proficiency in network, application, emissions and physical security.
* Strong proficiency in social engineering and intelligence gathering.
* Strong proficiency in cryptography.
* Strong proficiency with the penetration testing tools-of-the-trade (Kali, Armitage, Linux distros, MacOS, Rapid7, Core Impact, Metasploit, nMap, Qualys, Maltego, Burp Suite, etc.).
* Experience with scripting or programming.
* Experience with Mainframes, Windows, Unix, Cisco, platforms and controls.
* Proficient in creating content with Microsoft Office (Word, Excel, PowerPoint, Visio).
* Proficient in basic document management in a Microsoft SharePoint environment.
* Experience with dedicated document management tools (e.g., DMS, PolicyTech) a plus.
* Experience with using ServiceNow a plus.
Education and/or Experience:
* BS in Computer Science, Information Management, Information Security or other comparable technical degree from an accredited college/university or equivalent experience.
* 5+ Years' experience penetration testing.
* 5+ Years' experience in Information Assurance or Information Security environment.
Certificates or Licenses:
* BS in Computer Science, Information Management, Information Security or other comparable technical degree from an accredited college/university.
* Security-related certifications (CISSP, CISA, CRISC, ISSAP, GSLC, CEH etc.) highly desired.
When you find a position you're interested in, click the 'Apply' button. Please complete the application and attach your resume. Step 2
You will receive an email notification to confirm that we've received your application.Step 3
If you are called in for an interview, a representative from OCC will contact you to set up a date, time, and location. For more information about OCC, please click hereOCC is an Equal Opportunity Employer