Armor, Inc., the leader in Managed Detection and Response, is looking for a talented and highly motivated engineer to join its Security Operations Department. The Security Policy Orchestration Engineer will be primarily responsible for the day-to-day orchestration of and changes to Armor’s security infrastructure, protecting both Armor’s cloud environment and customer systems. This position will work closely with other teams within the Security Operations Center, as well as with other departments, to ensure that Armor’s dynamic security solutions protect against both current and future threats.
Security Policy Orchestration Engineer Essential Duties and Responsibilities: (Additional duties may be assigned as required)
· Configure, manage, and maintain service-provider caliber security infrastructure policies across Armor’s product suites based on industry best practices, including:
• Large-scale, distributed Web Application Firewalls (WAF)
• Firewall technologies, including next-gen firewalls
• Network and Host-based Intrusion Detection/Protection systems (IDS/IPS)
• Centrally-managed Anti-Malware and Anti-Virus
• File Integrity Monitoring (FIM)
• Security Information and Event Management (SIEM) solutions and event correlation platforms
• Data Loss Prevention (DLP) technologies
• Reputation Management
• Other security technologies providing protective controls and event visibility
· Lead efforts to drive current operations towards proactive mitigation and detection of the attacks of tomorrow through dynamic and forward-thinking processes.
· Work closely with engineering and development teams on automation and orchestration of and between different security systems.
· Research, recommend, test, and implement new security technologies as needed to fill gaps, provide additional capabilities, or to supplement existing technologies.
· Work with other security teams on the design and development of next-generation tool sets and techniques to ensure real-time visualization of active attacks and indicators of compromise.
· Assist in the creation of compensating controls and mitigation techniques for 0-day and critical vulnerabilities as they are realized, and ensure visibility into any attempts.
· Monitor and enforce guidelines for best practices in security and compliance.
· Respond to customer inquiries, guiding and advising customers on security best practices as needed.
· Research and investigate new and emerging threats and vulnerabilities and participate in security communities.
· Advanced understanding of network security technologies and policy management.
· Advanced understanding of host and network-based security controls, devices, software, and policy management for these systems and technologies.
· Advanced understanding of event correlation, analytic solutions’ rule engines, and the logic behind these systems.
· Critical thinker who can analyze complex and highly technical data, and work with other teams to achieve the company’s security objectives.
· Highly skilled and/or educated in the area of Security Operations, with detailed knowledge of current cybersecurity threats, trends, and risk mitigation techniques.
· Strong knowledge and operational experience in handling host- and network-based incident response scenarios.
· Strong knowledge of host compromise and malware injection techniques.
· Strong understanding of both Windows and Linux operating systems, command line tools and regex.
· Able to work both independently and with a team, prioritize tasks, and effectively manage time to ensure customer SLAs and expectations are met.
· Able to promptly respond to issues via email, telephone, messaging, and other ticketing systems.
· Self-motivated and detail-oriented.
· Able to multi-task, prioritize, and resolve multiple inquiries at once.
· Excellent communication (oral and written), interpersonal, and organizational skills.
· Ability to work evenings/weekends as required, and to be on call 24x7 to serve as the escalation point for your team.
Education And/Or Experience:
· One or more Security and Technical Certifications (preferred): Security+, CEH, CCNA, CCNP Security, CISSP.
· Associate’s or Bachelor’s degree in Information Technology or Information Security subject areas (preferred) and/or 1-5 years of job-related experience.
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the tools, systems and knowledge requirements in our environment today, but are expected to change and grow:
· Knowledge of and ability to administer both Windows and Linux Server environments.
· Knowledge of and ability to configure, administer, and troubleshoot network and host-based security tools, including but not limited to firewalls (standard, next-gen, web access), IDS/IPS, SIEM, anti-virus/anti-malware, FIM, DLP, and reputation management systems.
· Ability to identify attack vectors and formulate protective and detective rules and measures.
· Knowledge of and ability to write and maintain scripts in scripting languages: Perl, PHP, Python, Bash, Ruby.
While performing the duties of this job, the employee is regularly required to sit for extended periods. Hands-on work is expected. The employee may be required to assist with tasks in the data center and perform moderate lifting up to 100 lbs.
The noise level in the work environment is usually low to moderate. The work environment may be in either an office setting or at the company’s data center.
Equal Opportunity Employer
It is the policy of the company to comply with all employment laws and to afford equal employment opportunity to individuals in all aspects of employment, including in selection for job opportunities, without regard to race, color, religion, sex, national origin, age, disability, genetic information, veteran status, or any other consideration protected by federal, state or local laws.
Job Code: 526 - ID: 527