IT Security Principal Engineer - NATIONWIDE
Company: GlobalXperts
Location: Raleigh, NC 27610
Description:
Company Description
GlobalXperts is a leading IT Solution Provider whose business focus is to provide Day 2 remote monitoring & co-managed support and professional services for advanced Cisco, Microsoft and Data Center solutions. Our Level 1 through Level 3 networking experts (CCNA through CCIE) are available around the clock and have a deep understanding of internetworking technologies (Collaboration, Data Center, Borderless networking, Security) and products from leading equipment manufacturers, giving you access to multi-technology support from a single source. Our professional services approach tracks with Cisco's PPDIOO model, which is to prepare, plan, design, implement, operate, and optimize. And, while each phase of the service delivery model is strategically designed to build upon the previous phase, GlobalXperts technical staff has been successfully utilized by our customers for any or all phases.
Job Description
The IT Security Principal Engineer will deliver security technical consulting to internal organizations and Information Technology Services (ITS). The IT Security Principal Engineer will evaluate needs of key stakeholders to find solutions to challenging situations. Primary areas of expertise are IT infrastructure and information security compliance (HIPAA, SOX, PCI, Penetration Testing, etc.).
Responsibilities:
Drive SDL across ITS and business segments, for internally and externally facing applications, including e-commerce sites, Mobility (Android, Apple iOS), and legacy applications;
Source code analysis and remediation using Fortify;
Network security assessments and analysis for corporate and non-corporate network environments;
Firewall policy evaluation, review, and design;
Ensure compliance across applications and networks for PCI, HIPAA, and SOX;
Provide training and guidance for security including Threat Modeling, Penetration Testing, SDL, and Code Security Reviews.
Qualifications
Bachelor's degree required, preferably in computer science or information systems
5+ years of experience leading penetration testing, application testing, and red team engagements
10+ years of Information Technology, with a background in Security and Compliance experience
Additional Requirements:
Experience with security tools such as Nmap, Metasploit, Kali Linux, Burp Suite Pro, etc., as well as various other commercial and self-developed testing tools
Experience with scripting languages such as Python, Ruby, POSIX shell, as well as familiarity with programming languages such as C/C++/ObjC/C#, Java, PHP, or .NET
Understanding of:
- Web protocols (e.g., HTTP, HTTPS, and SOAP)
- Web technologies (e.g., HTML, JavaScript, XML, AJAX, JSON, and REST)
Experience with WLAN security concepts and testing
Strong technical communication skills, both written and verbal; ability to explain technical security concepts to executive stakeholders in business language
While experience in a number of IT disciplines may provide a solid framework for this position, hands-on results from performing IT risk assessments, information security consulting or IT audits are most beneficial.
Experience with the following regulations and frameworks: PCI, ISO 27001/2, HIPAA, GLBA, NIST
Additional Information
All your information will be kept confidential according to EEO guidelines.