Security engineers are responsible for developing, automating and managing security solutions and applications. Engineers install and configure solutions, implement reusable components, translate technical requirements, code software, assist with all stages of test data, develop interface stubs and simulators and perform script maintenance and updates, being responsible for deploying and operating the code they write. Accordingly, they provide security-related architecture recommendations in projects, lead security projects and helps define new security proceses in the organization.
- Researches, evaluates, designs, tests, recommends and plans the implementation of new or updated information security technologies, and assesses new threats and security alerts, and recommends remedial actions.
- Develops and coordinates security architecture artifacts and security policies, principles and standards, supporting the evolution of the security landscape and the usage and integration of specific security services, with a focus on automation and cloud infrastructure as code.
- Provides second- and third-level support and analysis during and after a security incident.
- Troubleshoots and solve customer issues on production deployments.
- Develop comprehensive monitoring solutions to provide full visibility to the different platform components using tools and services like New Relic, Grafana, Kubernetes and other similar tools.
- Provides guidance for security activities in the Software development life cycle (SDLC) and application development efforts. Participates in organizational projects, as required.
Qualifications and Competencies
- Bachelor’s Degree in Computer Science, Information Systems, or other related field.
- Typically has 7 years of full-stack development.
- 5 years' in a security architecture role or similar experience.
Expected experience / knowledge
- Solid knowledge of both automation and orchestration in order to leverage the full value of each in cloud environments (Cloud environments: Cloud IaaS/PaaS, CaaS/FaaS/Serverless (Amazon Web Services (AWS), Openshift, etc.)).
- Scripting proficiency. Experience in languages and infrastructure such as Terraform, Go, Python, C, C
- Working experience with cloud providers’ deployment orchestration capabilities is preferred, like Amazon Web Services (AWS) CloudFormation or AWS OpsWorks, and familiarity with configuration management tools, like Ansible, Chef and Puppet.
- Hands-on experience working under agile methodologies and DevOps environments.
- Experience in developing, documenting and maintaining security policies, processes, procedures and standards.
- Ability to partner with internal or external software engineers and quality analysts to identify course of resolutions. Good communication skills.
- Ability to adapt quickly to new technologies and changing business requirements. Comfortable in a fast changing environment
- In-depth knowledge and understanding of information risk concepts and principles, as a means of relating business needs to security controls.
- Solid understanding of security protocols, cryptography, authentication, authorization and security.
- Knowledge and experience with security policies, firewalls, encryption, and security information and event management (SIEM) systems.
- Knowledge of and experience in developing and documenting security architecture and plans, including strategic, tactical and project plans.
- Experience implementing multi-factor authentication, single sign-on, identity management or related technologies.