Position(s): Security SME
Term: Full time
Location: Frisco, TX
Security SME Job Description:
- Provide security offense capabilities to supplement the existing security defense capabilities, including periodically organizing "Hack-A-Thon" events with external entities to explore the critical gaps in existing security infrastructure, coordinating/conducting penetration testing, performing risk and vulnerability assessments, etc.
- Provide security research capabilities to minimize the security "unknowns", and instantly alert the security defense teams to new threats and alerts as well as new security technologies.
- Introduce new security visions and strategies to the company's executive management teams, and organize/conduct periodic security visionary forums to highlight those new visions, strategies, and technologies.
- Research, evaluate and recommend information-security related hardware and software to maintain a strong security posture, including developing business cases for security investments.
- Provide internal security assessments of all new technology being delivered by Internal IT or acquired through partnerships with SaaS companies by participating in the lifecycle of technology projects.
- Provide security advisories to existing security defense teams against cyber-attacks, which may include (but are not limited to) DoS, DDoS, data loss and other malicious cyber activities that could negatively impact the company and/or our customers.
- Develop and validate baseline security configurations for operating systems, applications, networking and telecommunications equipment.
- Monitor daily and other periodic reports and analyze security logs for unusual events and trends.
- Provide support and analysis during and after a security incident.
- Participate in security investigations and compliance reviews as requested by internal or external auditors.
- Document and report on annual security reviews, residual risk, vulnerabilities and other security exposures, including misuse of information assets and noncompliance.
Security SME requirements:
- Strong working knowledge of the security defense side of the business, including a working relationship with the ethical hacker/white hat community, and hands-on working experience in organizing/conducting hacking and penetration testing activities. Personal involvement with security offense conferences such as DEFCON is a plus.
- Working knowledge of and relationships with the security research and development community, in both industry and academia.
- Strong knowledge of Internet and network security technologies and protocols such as: TCP/IP, firewalls (including application firewalls), routers, switches, IDS/IPS, Anti-Virus, SIEM, Web Proxy, VPN, Linux, Encryption technology products.
- Strong knowledge of network security encryption methods, IPSEC, Kerberos, Authentication concepts
- Have general knowledge of the following areas: Applications and Systems Development; Business Continuity Planning and Disaster Recovery; Cryptography; Physical Security.
- Working knowledge and experience ensuring compliance with the following standards: PCI, NIST
- Proven ability to work independently while being part of a team
- Strong problem solving and decision making skills
- Must be focused, energetic, meet commitments, willing to take ownership, have excellent judgment and integrity
- Strong communication skills, with an emphasis on the ability to discuss technical issues with non-technical people.