Security Engineer III

Kansas City | Seattle | St. Louis | Chicago Modern Application Development - Modern Application Development Full Time

Valorem Reply is seeking a senior level Security Engineer with a passion for protecting customer data using modern technology and best practices. The candidate will help ensure that sensitive data is kept confidential, ensuring the right tools are in place, and help the team guarantee the safety of valuable information for our customers.
 
An ideal candidate will have a solid understanding of modern application techniques, architecture, and software development practices. The person will need to be well versed with Microsoft Azure and development pipelines, although the individual in this role will not be required to build them. As part of a team that provides project-based consulting, the candidate will have the opportunity to work in multiple industry verticals, project teams and technologies. It is important that the person can work both independently and in conjunction with a team. There is a need for strong initiative to build right-sized security audits across several topics and execute with various teams with confidence from experience. This is not a position for completing simple compliance checkboxes; the intent is to truly take ownership of protecting our business and that of our customers. This is not a position for people new to the field. This is not a position for people that want to simply take orders. The candidate will need initiative and have enjoyment in crafting solutions that creatively meet the changing landscape of software engineering.

The candidate will have experience with these topics as they relate to security:
- Define delivery process and controls​
- Evaluate existing architecture and design​
- Guidance and testing procedures for endpoint protection​
- Secrets management​
- Application code repositories​
- Environment configuration​
- Continuous integration and deployment​
- Release management​
- Application performance monitoring​
- Logging​
- Threat detection​
- Security policies and recommendations​

Responsibilities

  • Develop best practices and security standards for delivery teams
  • Mentor and guide team members in enhancing their security capabilities, including workshops and developing training materials
  • Participate in pre-sales activities, consulting engagements and client training
  • Understand project scopes, architectural diagrams and requirements to further breakdown security requirements and implementing them as part of a project team
  • Research system and process weaknesses and find ways to counter them
  • Find cost-effective solutions to cybersecurity problems
  • Act as the point of escalation for security topics
  • Act as the security expert directly with customers and be an ambassador for the company
  • Facilitate and coordinate appropriate and effective communication channels within project team, across project teams, and with management
  • Handle security incident situations with internal teams and customers
  • ·        Test company software, firmware and firewalls
  • Maintain the applicable Microsoft Competency designations (Microsoft AZ-500, etc.)
  • Requirements

  • At least 5+ years of experience in cyber security or AppDevSec role
  • At least 5+ years of experience as a Software Engineer and basic coding skills, preferably Microsoft technology stack and basic understanding of modern JavaScript frameworks
  • Microsoft AZ-500 certification desired but not required
  • Certifications such as CISSP, GSEC, CEH or CISM desired but not required
  • Consulting experience working directly with customers
  • Ability to pass security clearance required by our customers
  • Experience with security in Azure cloud environments
  • Experience with Azure Sentinel, PowerShell, Azure Notebooks, Azure Security Center, Microsoft Information Protection, and Microsoft Graph security preferred
  • Experience with securing CI/CD pipelines and software deployment, preferably using Azure DevOps
  • Experience with implementing static code analysis tools
  • Knowledge of security-based policies and procedures, industry compliance standards, design and implementation of Firewalls, Network Security Infrastructure, Identity Access Management (IAM), Data Loss Prevention (DLP), Security Information and Event Management (SIEM), Web Application, Endpoint, Host Based, IaaS, PaaS and SaaS platforms security
  • Experience with handling security incidents
  • Experience creating and implementing security policies, audits, reports, and driving these across a project team or organization
  • Kansas City | Seattle | St. Louis | Chicago

    Security Engineer III