Security Engineer - IV

What youll be doing...

Youll be finding the right technology to help ensure our customers keep their systems secure and spot risks before they become real threats. But youll be doing more than just providing SOX and IT securityyoull help customers prepare for the unexpected, defend their systems, and protect their business, brand, and bottom line.

• Designing solutions to mitigate risk and close security gaps and reduce vulnerability.
• Managing SOX Audit.
• PM/Engineering effort for tracking Security vulnerabilities.
• Working closely with VCG Application Development, App Security teams and other Key stakeholders in strategizing SOX and Security Engineering Practices and mitigating the Security Vulnerabilities.
• Adhering to industry standards and best practices and understanding emerging technologies and trends to continuously improve the systems, application, infrastructure, and processes.
• Performing SOX QA Support for Controls to ensure minimal SOX findings by auditors.
• Conducting quarterly Lesson Learned with SOX POCs/Directors/Performers to prevent the same issues from happening quarter over quarter.
• Supporting SOX BOT automation enhancements and testing in partnership with Control Performers.
• Supporting SOX Ops - Maintain and enhance SOX SOP documents for effective QA reviews by team.

Where you'll be working...
In this hybrid role, you'll have a defined work location that includes work from home and assigned office days set by your manager.

What were looking for...

Application Security Skills:

• Secure Coding Practices: Deep understanding of secure coding principles and common vulnerabilities (OWASP Top 10, SANS 25) in various languages (e.g., Java, Python, .NET, JavaScript).
• SAST/DAST/IAST Expertise: Proficiency in using and interpreting results from Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and ideally Interactive Application Security Testing (IAST) tools.
• Open Source Software (OSS) Security: Knowledge of common OSS vulnerabilities, license compliance issues, and tools for managing OSS risks.
• Threat Modeling: Ability to perform threat modeling exercises to identify potential security weaknesses in application architectures and designs.
• Cloud Security (for Cloud-Native Apps): Familiarity with cloud security concepts, including secure configuration of cloud services (e.g., AWS, Azure, GCP), identity and access management (IAM), and cloud-native security tools.
• Logging and Monitoring: Experience with implementing and analyzing security logs, setting up security information and event management (SIEM) systems, and using intrusion detection/prevention systems (IDS/IPS).
• DevSecOps Practices: Understanding of integrating security into the software development lifecycle (SDLC) using DevSecOps methodologies and tools.

Platform Security Skills:

• Cloud Security: Strong knowledge of cloud security best practices, including securing cloud infrastructure (compute, storage, network), managing cloud access, and implementing security monitoring in cloud environments.
• Container Security: Expertise in securing containerized applications and their underlying infrastructure (e.g., Docker, Kubernetes), including image scanning, runtime security, and container orchestration security.
• Vulnerability Management: Proficiency in using vulnerability scanning tools (like Tenable) for both network and application layers, prioritizing vulnerabilities, and coordinating remediation efforts.
• Hardware Security: Understanding of hardware security concepts, including firmware security, hardware-based encryption, and physical security measures.
• Incident Response: Experience with incident response processes, including detection, containment, eradication, and recovery, as well as post-incident analysis.

SOX Auditing Exposure/ Experience:

We are seeking a highly motivated and detail-oriented SOX Audit person to join our growing team. In this role, you will play a crucial part in ensuring the effectiveness of our internal control environment and compliance with the Sarbanes-Oxley Act (SOX).

• Plan, execute, and document SOX testing procedures for key financial and IT controls.
• Identify and assess the design and operating effectiveness of internal controls.
• Evaluate control deficiencies and recommend remediation strategies.
• Collaborate with process owners to remediate control deficiencies and enhance the control environment.
• Stay abreast of SOX compliance requirements and industry best practices.
• Assist with the development and maintenance of SOX documentation, including process narratives, flowcharts, and risk control matrices.
• Participate in special projects and other duties as assigned

Additional Important Skills:

• Automation and Scripting: Proficiency in scripting languages (e.g., Python, Bash, PowerShell) for automating security tasks and integrating security tools.
• Communication and Collaboration: Excellent communication skills to effectively convey security findings to technical and non-technical audiences and collaborate with development and operations teams.
• Problem-Solving and Analytical Skills: Strong analytical and problem-solving abilities to investigate security issues, identify root causes, and develop effective solutions.

Youll need to have:

• Bachelors degree or four or more years of work experience.
• Four or more years of relevant experience required, demonstrated through work experience and/or military experience.
• Worked as a consultant.
• Four or more years of relevant experience in Application Security Skills, Platform Security Skills & SOX Auditing Exposure/ Experience.

Even better if you have one or more of the following:

• A degree in engineering or computer science.
• Experience with security risk procedures, security patterns, authentication technologies and security attack pathologies.
• Certifications in one or more of the following:
• Security: CISSP, CISM, CEH, GCIH, GPEN, CCSK, Security+, Cisco, F5, BlueCoat, Check Point.
• Network: Cisco, Juniper, Palo Alto.
• Architecture: TOGAF.
• Service Delivery/Governance: ITILv2/3.