Business Unit Summary
HSN’s Information Team is responsible for all security functions associated with Information Technology, including communications (voice and data), infrastructure, and policies and procedures within the enterprise. This team has the responsibility for enterprise-wide information security, compliance and privacy. This engineering role supports a secure network infrastructure with security controls for the perimeter, internal network, endpoints, cloud, and remote access.
A Day in the Life
- Support and manage all technical aspects of security controls for a multi-location environment.
- Evaluate, recommend, and justify appropriate commercial off-the-shelf products that support the security program requirements.
- Manage, maintain and monitor multiple security technologies.
- Ensure new system builds include appropriate security packages and tools, and that logging and monitoring applications are configured properly.
- Communicate technical application security concepts to employees, including developers, architects, and managers.
- Work with development and QA teams to ensure the use of secure coding practices and verification methods.
- Participate in application security testing, including source code analysis and dynamic application security testing, using open source and commercial tools.
- Assess the security posture, develop risk profiles, specify security requirements, and identify mitigation measures to safeguard public facing Web applications.
- Implement and maintain intrusion detection and prevention systems.
- Support the Information Security Architect in design and management of a secure network infrastructure.
- Communicate with key groups (i.e. various lines of business and other technical teams) regarding potential threats and remediation efforts.
- Keep pace with emerging security threats, technologies, and systems.
- Develop and maintain operational documentation and procedures.
- Perform or coordinate penetration testing and Web application security assessment activities.
- Provide 24x7 operational support for escalations on a rotating basis.
Keys to Success
At HSN, if you are Agile, Innovative, Pioneering, Dynamic, Boundaryless, Passionate, Customer-Centric, Collaborative, and Results-Focused, you will love it here!
- Bachelor's degree in Computer Science, Information Security, a related technical field or equivalent experience.
- 5 or more years of information security engineering, administration, and cyber threat research/analysis experience.
- 2 or more years of Web Application Firewall (WAF) experience.
(Candidates will be considered in totality of their skills and experience versus strict interpretation of “must haves.”)
Nice to Haves
- Relevant technical certifications (CISSP, OSCP, GIAC, CCNA/CCNP Security).
- Engineering and/or architecture experience with web applications, application stacks, web application firewalls, intrusion detection sensors, antimalware technologies, vulnerability scanning technologies, and APT prevention technologies.
- Knowledge of cyber threats relevant to the retail industry.
- Experience in web application security testing and protection.
- Experience in conducting attribution analysis.
- Understanding of Technology Platforms (Windows, Open Source, Middleware Applications, Database Applications, Cisco, Adobe).
- Understanding of DDoS concepts, mitigation tools and techniques.
- Experience creating analytical reports for Leadership on complex criminal activity.
- Experience making effective presentations to all levels, including Senior Management.