POSITION PURPOSE -
The Security Engineering team is peers and partners with other engineering teams at Home Depot; such as, Mid-Tier Engineering (Windows, Unix, Virtualization), Network Engineering (firewalls, routers, switches), Database teams (Oracle, Informix), and HomeDepot.com. We are responsible for championing security throughout the solutions development lifecycle and providing SME support on various security topics such as Device Hardening, Access Control, Identity Management, Application and Web Development, Database Security, etc. Working with the organization, the lead security engineer will deliver an infrastructure solution that is technically sound, resilient to failure, operationally supportable, meets the requirements of the business, and adheres to IT Security standards. The ideal candidate will exhibit strong leadership skills, will be forward thinking, and will be able to work effectively in a diverse, highly talented team, continuously striving for excellence.
MAJOR TASKS, RESPONSIBILITIES AND KEY ACCOUNTABILITIES -
Senior level role that involves understanding the client, business and project requirements, and designing and deploying optimal security solutions that balance risk versus usability while meeting audit and compliance requirements. Create high quality operational documentation, including Visio diagrams, high-level descriptions of the environment, as well as detailed instructions outlining the steps required to repeat the build-out and configuration of the infrastructure. Day to day interaction with security technology providers, internal and external auditors, assessors, platform engineers (Windows, Unix and ESX) and Security Engineers with Security Operations groups. Work with internal customers and vendors in developing Business Requirement Specifications for new security engineering deployments and all security Proof of Concepts with vendors. Role sometimes requires scheduling and attendance on overnight maintenance windows. Resource can expect to routinely be called upon to analyze and interpret results of security controls such as vulnerability scan reports, CIS hardening scan reports as well as provide recommendation for remediation of identified risks. Primary interface to security technology vendors such as Qualys, Symantec, RSA to name a few. Create or help create legally-binding statements of work (SOW), project scope documents, project plans, business cases, and formal technical solutions recommendations. Required to prepare recommendations and supporting details for formal proposals for security and compliance solutions. Current enterprise-class Systems Security Engineering experience within security domains such as Identity and Access Control Systems, Vulnerability Management Systems, File Integrity/Configuration Compliance systems, Critical Server Protection Systems, PKI/Encryption key management systems.
NATURE AND SCOPE -
Typically reports to Senior Manager, IT Security Engineering No associates report to this role on a permanent basis, but requires the leadership of a work group: assign and review work, train and contribute to performance appraisal (but not hiring, firing or disciplinary action).
ENVIRONMENTAL JOB REQUIREMENTS -
Located in a comfortable indoor area. Any unpleasant conditions would be infrequent and not objectionable. Typically requires overnight travel less than 10% of the time.
MINIMUM QUALIFICATIONS -
Must be eighteen years of age or older. Must pass the Drug Test. Must successfully complete any required training or orientation courses. CCNA and/or CCNP required. Sysadmin Certifications on RHCE or MCSE a plus. SANS GCFW or GCED a plus as well
EDUCATION REQUIRED -
The knowledge, skills and abilities typically acquired through the completion of a high school diplomas and/or GED. Master's or Bachelor's Degree in Computer Science or related technical field
YEARS OF RELEVANT WORK EXPERIENCE - 5
PHYSICAL JOB REQUIREMENTS -
Frequent periods are spent standing or sitting in the same location with some opportunity to move about; occasionally there may be a need to stoop or lift light objects (typically less than 8 pounds).
ADDITIONAL QUALIFICATIONS -
Expert knowledge of the TCP/IP protocol stack and practical application of the OSI model, including packet headers, traffic flow, ip addressing, UDP, ICMP, etc. Expert knowledge of L2 and L3 switching and routing. Experience with routing protocols. Experience with Cisco and Juniper HW and SW. Firewalls - In-depth knowledge of ruleset creation and specific security implications of ruleset modifications in a production setting. Encryption - Experience with SSH, VPN, PGP, PKI, and other encryption and authentication technologies Proxies - General knowledge of service proxies Strong knowledge of IDS/IPS rule creation (Sourcefire a plus) Network Management Systems - Experience with SNMP, syslog, and performance monitoring tools E-mail Security - Understanding of e-mail headers, spam handling, and attack handling Traffic monitoring - Knowledge of IP traffic flow, sniffing/capturing/monitoring live traffic streams. Expert knowledge in interpreting packet captures is mandatory. Strong knowledge of cross platform network attack concepts - common probing and attack methods, network/service discovery Strong understanding common methods of virus and worms propagation Experience with various methods and solutions for attack detection Broad knowledge of security concepts such as packet filters, resource protection, ACLs, proxies, IDS/IPS, risk measurement and management, designing and implementing compensating controls
PREFERRED QUALIFICATIONS -
Industry certifications - CISSP, CISM, CISA, CCFE, GIAC, CCIE, CCSP, CBCP, ABCP, MBCP. 1+ years experience in network, system or application architecture design, implementation or support. 1+ years application security knowledge in an application used at THD. 7-10 years of related experience. BS Computer Science or related field, MS a plus.
KNOWLEDGE, SKILLS, ABILITIES AND COMPETENCIES -
Ability to listen to what the user is saying and then interpret what he/ she is trying to get across. The ability to work autonomously and with a diverse team. Ability to communicate at all levels. Ability to present ideas and take charge of projects.