Information Technology Security Engineer
Role: Cloud Security Engineer
Location: Cary, NC (Day-1 Onsite)
Job Type: Contract (12+ Months)
Description:
Reporting to the IT Security Manager, the IT Security Analyst is a position based in North Carolina.
Responsibilities:
- Hands-on experience with security testing tools such as Burp Suite, Mimikatz, Cobalt Strike, PowerSploit, Metasploit, Qualys Web Inspect, or other tools included within the Kali Linux distribution.
- Experience in security assessment activities within a client's environment, emphasizing manual stealthy testing techniques using commercially and freely available offensive security tools and utilities built into operating systems.
- Work closely with technical teams to assess the security posture of systems and applications through vulnerability assessments and penetration testing.
- Good understanding of cloud technologies and their security best practices.
- Fine-tune WAF policies and configurations to optimize security while minimizing false positives.
- Configure, deploy, and maintain Web Application Firewalls (WAF) in production and development environments.
- Coordinate investigations and reporting of security incidents related to Network Systems and applications.
- Coordinate and execute IT security projects for Arista at multiple locations.
- Engage in security research to keep abreast of the latest security issues for cloud-enabled enterprises, including SaaS and IaaS.
- Monitor system compliance with the IT framework for controls and levels of access, recommending improvements.
- Collaborate with other groups inside Arista to manage security vulnerabilities and help manage risks.
- Administer security-dedicated systems, Software Firewall management, EDR, NDR, log collection, reporting, analytics, and Cloud Security consoles as appropriate.
- Experience with CSPM tools such as Wiz, Lacework, Google Security Command Center.
- Experience with Terraform, CloudFormation, Forseti, and other similar tools is highly desired.
- Conduct and collaborate on laptop and server forensics as well as Cloud Service Provider forensics with the global security team.
Qualifications:
- BA or BSc in Computer Science, Management Information Systems, Information Assurance, or related field.
- Must have 6 years of progressive experience in computing and information security.
- Knowledge of common adversary tactics and techniques (e.g., obfuscation, persistence, defense evasion, etc.).
- Knowledge of the MITRE ATT&CK framework preferred.
- Good knowledge of security fundamentals, networking protocols, TCP/IP stack, systems architecture, and operating systems.
- Must have practical experience in Privacy Controls and implementing them in a corporate environment.
- Expert knowledge of laptop operating systems (macOS, Windows, and Linux) is desired.
- Proven project management experience is a bonus, specifically experience in managing remote office configuration and working with remote offsite vendors.
- Experience working in a large cloud or Internet software company.
- Business Application security analysis and practical experience is a plus (e.g., SFDC, NS, SiSense).
- CISSP, GIAC, or other security certifications desired.
- Knowledge of information security standards (e.g., ISO 17799, 27002, etc.) and rules and regulations related to information security and data confidentiality (e.g., FERPA, HIPAA, etc.).
- This position requires some weekend and evening assignments, as well as availability during off-hours for participation in scheduled and unscheduled activities.
Mandatory Skills: Network Protocol - L3 Protocols
Good to Have Skills: Packet Core and Policy Control
Seniority Level: Mid-Senior level
Employment Type: Contract
Job Function: Information Technology
Industries: IT Services and IT Consulting