NOW HIRING: IT Security Engineer

Company: Emburse
Website: http://www.emburse.com
Headquarters: Global

At Emburse our mission is to help make our users’ lives — and their businesses – better. We are dramatically transforming how organizations manage corporate expenses and invoices. We humanize work by automating manual tasks and saving users’ time, so they can focus on what matters most — their family, community, or more rewarding work. We help CFO’s give their employees a simple and amazing experience while ensuring compliance and reducing costs. Our solutions are tailored for companies from start-ups to enterprises. We have more than 14,000 clients and 4.5 million users globally.

Emburse has offices across North America, including Los Angeles, Montreal, Portland (ME), San Diego, San Francisco, and Toronto, as well as locations in the UK, Germany, Spain and Australia.

ESSENTIAL JOB FUNCTIONS

  • Identifying and mitigating security risks
  • Conduct network monitoring and intrusion detection analysis using various Computer Network Defense (CND) tools, such as Intrusion Detection/Prevention Systems (IDS/IPS), Firewalls, Host Based Security System (HBSS), etc.
  • Respond in a timely fashion to Intrusion Alerts
  • Management, and execution of internal vulnerability management program across all Clusters
  • Recording of results once per quarter
  • Development and execution of any required remediation
  • Management of external ASV scanning vendor across all Clusters
  • Recording of results once per quarter
  • Development and execution of any required remediation
  • Management and coordination of Penetration Testing
  • External Pen Tests
  • Internal Pen Tests
  • Web Application Pen Tests
  • Performance of Internal Firewall pen testing in all Clusters
  • Required once per year per PCI 3.2
  • Recording results
  • Development and execution of required remediation
  • Provide incident response support, including mitigating actions to contain activity and facilitating forensics analysis when necessary
  • Protecting Chrome River data, information, assets, and other resources
  • Provide analytical and technical security recommendations to other team members, oversight boards, and clients; Identify requirements, based upon need or as the result of a security issue that puts organizations systems at risk
  • Oversee the correlation of network activity across networks to identify trends of unauthorized use
  • Implement and manage patching processes for servers, network, and storage devices
  • Work with DevOps and SysOps teams to develop documentation to support ongoing security systems operations, maintenance, and specific problem resolution
  • Participate in annual incident response and disaster recovery tests.
  • Assisting with compliance regulations
  • Active member in technical workgroups to recommend effective security configurations and architecture
  • Assist in all security compliance and audits associated with each (PCI, SOC, etc.)
  • Other duties as assigned

QUALIFICATIONS

Required Education: Bachelor’s degree in Computer Science or related field

Required Experience:

  • Technical expertise in analyzing threat event data, evaluating malicious activity, documenting unusual files and data, and identifying tactics, techniques and procedures used by attackers
  • Experience performing penetration tests.
  • 2-4 years Information Security Experience

Preferred Experience

  • Knowledge of web architectures and technologies such as HTML, JavaScript, XML, REST, SOAP
  • Expertise in TCP/IP
  • Strong understanding of common network vulnerabilities, OS vulnerabilities (Linux, Windows and OSX), patching and attack patterns
  • Expertise with OWASP/NIST security concepts and common application security risks, such as XSS, XSRF, SQL Injection, Cookie Manipulation among others
  • Familiarity with Enterprise Vulnerability Management tools such as Rapid 7 Nexpose and Nessus

Required Skills

  • Successful experience identifying, qualifying, and remediating security vulnerabilities
  • Must understand security concepts and be able to link system issues to Emburse’s infrastructure
  • Ability to work under moderate supervision and collaborate effectively with management

Key Attributes

  • Self-starter
  • Team player
  • Builds and maintains effective relationships with co-workers and customers
  • Effective, clear communication skills in English, both written and spoken
  • Operates with a sense of urgency
  • Accountable

Source: Best Remote Job, Emburse