Share your application directly to maricris at theoptimum dot net

Software Development Engineer Associate and Software Development Engineer Senior

Job Summary:

• The InfoSec Security Engineer works within a multi-disciplinary team of engineers and architects to build and maintain integrated security solutions and patterns for the enterprise.
• This engineering position will focus on helping in secure configuration for tools that internal teams use.
• In addition to a focus on Information Security, this role will work closely with users, network, system infrastructure, and application teams to provide guidance and best of practice solutions and show how to configure it and to work on problems of a diverse scope where analysis of a situation requires evaluation and collaboration.

Success for this role requires that you are:

• Familiar with information security concepts, standards, trends, and best practices
• Driven to learn new things excited about challenges and finding solutions 
• A strong builder mentality with a drive to “see things through”
• Able to organize one’s work, and help others organize their
• Able to write a code and manage configuration as a code
• Able to interpret and apply security principles and standards to designs, configurations and policies
• Able to communicate technical concepts and details to peers and management clearly and concisely
• Able to demonstrate good judgment concerning the confidentiality, availability, and integrity of information

The Role will:

• Implement and maintain key security tools such as secret management, network configuration, Web application firewall, code scanning
• Serve as Primary or Secondary Technology resource for InfoSec Engineering
• Utilize logs and analysis tools to assist in Cyber threat detection and specify detection queries for SIEM consumption
• Work with application teams to help them and explain the configuration and security best practices for various solutions
• Design, build, document, and maintain efficient, reusable, and reliable code for Security Orchestration, Automation, and Response (SOAR) policy as code, and Security Operations and Analytics platforms
• Model the Equinix culture and values

Knowledge / Skills / Abilities:

• Hands-on experience with CI/CD tools (one of GitHub Actions, Jenkins, Gitlab, etc.)
• Strong working knowledge of how to implement secure systems using public cloud services (any of the major cloud providers)
• Functional understanding of TCP/IP, UDP, load balancers, ports, practical network operations and troubleshooting
• Ability to detect errors in logic, process, data, and system structure
• Experience building automations and services in Terraform, ansible, Python, bash, etc.
• Experience with troubleshooting the behavior of web UIs, web services, APIs
• Knowledge of Authentication and Authorization technologies and methods (SAML, HMAC, OAuth etc)
• Experience with Hashicorp Vault will be a plus
• Broad knowledge of information technology and security controls in various application and infrastructure platforms including network (physical, virtual, internal, cloud), system platforms, storage, directory services, and end user computing
• Previous experience with WAF will be a plus

Demonstrated ability to work within globally dispersed and cross-functional teams

Required Qualifications:

• 4+ years’ work experience in Security Engineering or DevOps in a medium or large corporate environment or a college degree in computer science, data communications, electrical or computer engineering and 3 years’ work experience.
• Demonstrated hands on experience with the following technologies (at least couple):
   Sonarqube
   SCA (any Nexus IQ, Snyk, Trivy, etc)
   DAST (i.e. Netsparker)
   Hashicorp Vault
   Twistlock
   WAF
• Tier 2 support for remediation of findings from these tools in the capacity of:
   Provide guidance on the Tier 1 guidelines on how to do the remediation from these tools and how to configure them
   Support for escalation to Tier 3, if a deeper dive is needed