Information Security Engineer

About the Role

What You Will Do

• Conduct vulnerability assessments for all types of applications, systems, and networks to identify potential security risks.
• Communicate security vulnerabilities and corrective actions to various internal groups and validate remediation efforts.
• Perform code reviews to find vulnerabilities and fix errors overlooked in the development phase, ensuring high-quality and secure code.
• Utilize commercial and open-source vulnerability assessment tools to stay efficient and effective in your role.
• Perform manual verification of vulnerabilities to reduce false positives and ensure accuracy.
• Create detailed assessment reports and present them to management and technology professionals, providing actionable recommendations.
• Develop metrics for tracking and analyzing vulnerability information to improve the overall security posture of the company.
• Assist in regular penetration testing to identify weaknesses and strengthen the company's defenses.
• Develop and maintain internal tools and task automation using AI, contributing to process efficiency and innovation.
• Stay current on information security threats and trends, applying this knowledge to improve the company's security practices.
• Train security team members on vulnerability management processes and tools, ensuring a skilled and knowledgeable team.

What We Are Looking For

• Bachelor’s degree in Engineering, Computer Science, or equivalent.
• 3 to 5 years of experience in a related field, preferably in information security or a similar role.
• Possess certification/s related to Vulnerability Assessment such as GIAC, CEH, demonstrating expertise in the field.
• Excellent written and verbal communication skills, with the ability to present complex technical information to various audiences.
• Hands-on experience with performing network vulnerability assessments and application scans.
• Knowledge of OWASP tools and methodologies, as well as competency with network security and information security concepts and technologies.
• Thorough knowledge of the Windows OS as well as Linux and Unix variants, ensuring versatility in your work.

Nice to Have

• Experience with vulnerability scanning tools (e.g., Qualys, Nessus, Nexpose, Saint).
• Experience with web application vulnerability scanning tools (e.g., HP Webinspect, Burpsuite Pro).
• Experience with static analysis tools (e.g., IBM Appscan Source, HP Fortify).
• Experience with high-level programming languages (e.g., Java, C, C++, .NET (C#, VB)).

Benefits and Perks

• Opportunity to work with a leading company in the mortgage and real estate industry.
• Collaborative and innovative work environment.
• Professional development opportunities, including training and certification support.
• Flexible and remote work arrangements, allowing for a better work-life balance.
• Competitive compensation package, including benefits and perks tailored to your needs.

• Ensure you have a strong foundation in vulnerability assessment and management, as well as experience with various security tools and technologies.
• Highlight your ability to communicate complex technical information to both technical and non-technical audiences, showcasing your presentation skills.
• Be prepared to provide specific examples of your experience with code reviews, vulnerability scanning, and penetration testing, demonstrating your hands-on skills.
• Show a keen interest in staying current with the latest security threats and trends, and discuss how you apply this knowledge in your work.
• Prepare to discuss your experience with AI and automation in the context of security, and how you see these technologies evolving in the field.
• Consider including relevant certifications, such as GIAC or CEH, in your application to demonstrate your expertise and commitment to the field.