Senior Security Engineer
Since 2001, CentraComm has been securing, managing and hosting high-performance IT networks for a wide array of businesses and organizations throughout North America. Beginning as an Internet Service Provider (ISP), we've grown with our customers, becoming a full-scale Managed Service Provider (MSP) along the way, complete with a Network Operations Center (NOC) and Security Operations Center (SOC) and two carrier-class datacenters including a nuclear hardened, former defense department facility.
We are looking for a Senior Security Engineer with strong experience with wide range of security issues including architectures, electronic data traffic, and security access. Familiar with encryption technologies, penetration and vulnerability analysis of various security technologies, and information technology security research. Prepares security and certification and accreditation documents/artifacts, research and review of products and technologies, penetration tests and security assessments and daily support and mentoring of CentraComm's Network Operations engineering team. This individual will be responsible for assessing technical, administrative and physical controls bases on various regulations or standards at the client sites. Ideally, the candidate should have an IT infrastructure or security background with detailed technical skills.
Required Technical Experience, Skills & Abilities
- Managing and maintaining an IDP/IPS solution with deep knowledge of exploits, attacks and their remediation.
- Experience in tuning IDP/IPS and SIEM rule base in the effective deployment of these technologies.
- Strong knowledge of applications, ports and protocols.
- Strong foundation of TCP/IP.
- Strong knowledge of writing regular expressions and/or programming in various scripting languages.
- Experience with tools related to hacking and discovery such as wireshark, nessus etc.
- Strong process and procedure ownership experience for system audits
Preferred Technical Experience
- Modern attack architectures and security tools
- Expert in TCP/IP networking, IP Sniffing and Analysis
- Reverse engineering tools (e.g., debuggers, disassemblers, assembly language, shell code)
- Unix/Linux/Windows internals and general administration
- Cryptography and PKI algorithms, applicability and strength, key management
- Internet-enabled protocols and technologies (TLS/SSH/IPSec/HTTP/TCP/UDP, etc.)
- Strong knowledge of Linux/Unix. Installing, maintaining and navigating within the environment.
- Strong knowledge of the use of crypto technologies in all facets of network communications.
- Experience and expertise with ethical hacking, firewall and intrusion detection/prevention technologies, secure coding practices and threat modeling
Essential Duties & Responsibilities
- Able to work on multiple projects concurrently
- Ability to perform project tasks with little or no supervision
- Perform client work related to CentraComm's product and service services offerings
- Document findings and create reports for professional service client both in written and verbal formats.
- Contribute a significant piece of a project deliverable
- Ability to create detailed, professional documentation to be delivered to client
- Able to create and recommend remediation for components of security policies.
- Provide specific recommendations for a client’s business or technical issues
- Understanding of one or more regulatory areas (PCI, Sarbanes Oxley, etc.)
- Understanding of specific IT security technologies and processes:
IP Network architecture and technology, dynamic routing
Firewalls, Intrusion Prevention, SIEM (QRadar), NBAD configuration and maintenance
Remote access facilities; SSL VPN, IPSec
Vulnerability and general security analysis tools; e g. nmap, Nessus, Ethereal, etc.
Latest hacking techniques and counter measures, e.g., IPS evasion, DDoS, buffer overflows, XSS, etc.
- Perform other essential duties as assigned
- Maintain a valid US drivers licenses
Skills, Knowledge & Abilities
- Must possess excellent written and verbal communication skills
- Must possess strong analytical capabilities and have a desire to learn new things
- Experience working with complex, sophisticated clients
- High energy level, comfortable performing multifaceted projects in conjunction with day-to-day activities.
- Resourceful and Well Organized
- Unquestioned integrity and personal ethics; willingness to provide feedback in challenging situations.
Education and Experience
- 5+ years of experience in information assurance, information security, technical analysis, or a combination thereof. Desired experience should include a foundation in IT security and controls.
- Bachelor's degree preferred preferably in computer science or information systems or equivalent work experience
- While experience in a number of IT disciplines may provide a solid framework for this position, hands-on results from performing IT risk assessments, information security consulting or IT audits are most beneficial.
- Technical or professional certifications, such as CISA or CISSP are a plus, ideal candidate will have knowledge of Riverbed and/or Palo Alto technologies
Vendor Specific Certifications preferred:
- Juniper Networks, All Product lines - JNCIA, JNCIS, JNCIP, JNCIE
- Cisco, Networking and Security Product lines - CCNA, CCNP, CCIE
- Microsoft - MCP, MSCE
- CISSP, CEH, Other security certifications a plus
- Q1 Labs
Position will be based in Findlay, Ohio.
Only candidates who send cover letters and resumes to firstname.lastname@example.org in PDF format will be considered.
Senior Security Engineer