In collaboration with technology management teams, Sr. Information Security engineer will deploy and operate technical and administrative security controls, manage information security processes and procedures, validate compliance with information security standards, monitor security events and audit trails, respond to security incidents, and support audit and regulatory compliance projects.
Job Duties and Responsibilities:
Develop and maintain BlackLine’s risk framework.
Define effective information security standards, processes, and procedures.
Perform security assessments and penetration tests.
Administer security tools and technologies.
Evaluate, recommend, and deploy security tools and technologies.
Collect and analyze systems/application security logs.
Monitor industry trends and threat landscape and recommend necessary controls or countermeasures.
Ensure compliance with internal policies/standards and regulatory requirements.
Respond to security incidents; perform forensics activities and root cause analyses.
Perform other duties as assigned
5+ years of hands-on information security experience.
Expertise in Windows and IIS. Working knowledge of Linux/Unix (advanced Linux skills are a big plus).
Advanced network security -- thorough understanding of the OSI model and comprehensive knowledge of common protocols and services for levels 3 through 7.
Proven track record of effectively supporting commonly-used information security tools and processes (e.g.: patch management, log management, malware management, web filtering, firewalls, proxies, APT, IDS, DLP, HIDS/NIDS, network access control, threat and vulnerability management)
Experience supporting high-volume, high-availability web-facing environments.
Wireless security and mobile devices management.
Knowledge of encryption algorithms and related technologies, secure communications, SSL, PKI.
Advanced skills in at least one scripting language (e.g.: Perl, Python). Working knowledge of WMI and WSH.
Solid knowledge of common vulnerabilities and exploitation techniques (e.g.: SQL injection, buffer overflows).
Ability to define effective information security standards applicable to specific environments.
Advanced written and verbal communication skills including ability to present technical subjects to non-technical audiences.
Strong work ethics, attention to detail, and organizational skills.
Ability to multi-task and manage priorities in a fast-paced environment.
Ability to collaborate in a team and work independently.
Intermediate proficiency with the Microsoft Office suite.