Security Engineer (On-Call)

PRINCIPAL DUTIES AND RESPONSIBILITIESMonitor the environment for potential security risks and anomalies.Analyze and triage security alerts, escalating incidents when necessary.Produce detailed documentation of analysis and response activities.Coordinate remediation efforts with other team members as necessary.Assist with creating and tuning security monitoring use cases.Assist with creating and improving Threat Management processes and procedures.Generate periodic security metric reports.Design and conduct formal penetration tests on web-based applications, computer networks, embedded systems, and other types of cyber-physical systems, including analysis of the system 'as designed', 'as built', and 'as operating'.Conduct security assessments of servers, computer systems, and networks, including security audits from both a logical / theoretical standpoint and a technical / hands-on standpoint.Understand security aspects related to wireless networks, databases, software development, software applications, and company proprietary information.QUALIFICATIONS / EXPERIENCE / DEPARTMENTALBachelor's degree in IT or equivalent experience.Familiarity with a variety of network architectures, network services, system types, network devices, development platforms, and software suites (e.g., Windows, NIX, Oracle, Active Directory, .NET, etc.).Knowledge and experience in web application configuration, particularly experience with the Linux, Apache, MySQL, PHP (LAMP) stack.Working understanding of OWASP Top 10 vulnerabilities, how they are exploited, and how to fix them.Understand the risks / impact your 'attack' will have on the business and its users and work with customers to establish processes to meet security objectives without impacting operations.A good understanding of Penetration testing methodology (recon [active & passive], vulnerability analysis, exploitation, lateral movement, and reporting) or PTES, MITRE ATT&CK, etc.Conduct remote testing of a client's network or onsite testing of their infrastructure to expose weaknesses in security.Administration or support experience in a large enterprise environment.Awareness of the incident response lifecycle.Strong written and oral communication skills.Participate in special projects as needed and perform other duties as assigned.Must be able to work independently as well as part of a fast-moving team.Certifications including but not limited to OSCP, CEH, CCNA, Security .This position is a part-time on-call as needed position.All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.#J-18808-Ljbffr