Information Security Engineer

Verato, Inc. | McLean, VA

Posted Date 11/30/2019
Description

About Verato

Verato offers next-generation, SaaS-based products for identity matching and resolution using the most accurate reference identity database and truth-matching technology. These solutions enable companies and governments to achieve a single view of the customer, streamline business processes and prevent fraud and waste by eliminating the ambiguity and duplication of customer identities in databases. Verato technology is faster to implement and less expensive than traditional matching methods.

If you like a work environment which is intellectually stimulating, extends the limits of what you know, and offers increasing amounts of responsibility and growth, Verato is the place for you. If you are driven to learn and produce results, and thrive in a creative, collaborative, and friendly environment, we want you on our team.

Verato’s work environment is fast-paced but informal, with casual dress throughout the week. We believe in fully supporting a productive development staff, and you will have access to the best hardware we can put on your desk. All of our employees have the opportunity to expand and improve their skill sets in advanced areas of knowledge beyond their direct area of responsibility, such as big data, distributed/cloud computing, complex algorithms, and data science, and they also get an influential front row seat at how a company executes its business and goes through the different stages of growth. The ideal person for this position will be detail oriented, entrepreneurial, possess a strong work ethic, and love a challenge. This is an excellent fit for a talented, innovative, and creative expert who thrives in a fast-paced startup environment and has a passion for technology.

This position will be based out of our HQ office in Tysons Corner, VA. Verato offers a comprehensive compensation package that includes salary, medical, dental, vision, 401k, 401k match, HSA, short and long-term disability, life insurance, employee support program, and the potential for stock options.

The Position

We're seeking an Information Security Engineer to help us achieve a world-class operational, infrastructure, application, and incident response posture to protect critical assets for the company and its customers. You will have a broad understanding of the modern cyber security landscape, with a background in intelligence gathering, incident response, application security, and process documentation. You will work with a team of accomplished Engineers and Data Scientists, and will be relied on as a technical contributor with a focus not only on engaging in the right activities, but achieving the right results.

What You Need for this Position

Your education, skills, and experience position you to provide immediate help in as many of these areas as possible, with bonus points for in-depth experience in understanding of key subdomains.

Risk Assessment

  • Vulnerability scans
  • Penetration tests (incl. social engineering)
  • 3rd Party (e.g., vendor) risk assessment
  • Data-centric risk assessment

Threat Intelligence

  • Internal
  • External
  • Online Threat Information Sources
  • Indicators of Compromise

Security Operations

  • SIEM
  • Vulnerability Management
  • Data Loss/Leakage Prevention
  • Incident Response

Security Engineering

  • Security Architecture
  • Identity and Access Management
  • Access Control, SSO
  • Secure Software Development
  • Cryptography

Cloud Security

  • AWS Roles, Policies, Resources and Credentials
  • User provisioning, SAML, OpenID Auth, etc.

Qualifications (The more of these you can satisfy, the better):

  • Bachelor's degree (CS, EE, etc. preferred) or equivalent experience
  • CISSP certification or similar a plus
  • Experience with SIEM technologies, and best practices for visibility into events
  • Malware detection, analysis, exploitation, containment, and eradication techniques
  • Skill in Penetration Testing, Vulnerability Management, Threat Vector Analysis, Intrusion Detection and Prevention, Incident Management and Response, Web Application Security, Risk Assessment and Mitigation Methodologies, and Counter Threat Operations
  • Experience monitoring and managing network and host-based intrusion prevention systems, malware prevention systems, vulnerability scanning solutions, DDOS protection, SIEM, host-based integrity checking, endpoint security and AV
  • OS X, Linux, Windows
  • Experience applying knowledge of information security concepts and theories through technical and non-technical methods
  • Solid understanding of cyber security threats, risks, vulnerabilities, and attacks, giving insight into threat actor motives, capabilities, and techniques
  • Demonstrated ability to meet deliverables, timetables, and deadlines
  • Personal integrity and high ethical behavior at all times to inspire confidence in clients, peers, partners, and employees
  • Knowledge of current and emerging security and information technology standards and practices
  • Acquaintance with security compliance regimes: NIST, PCI-DSS, ISO 27000, HITRUST, HIPAA CIS, etc.
  • U.S. Citizenship or Permanent Resident is required
  • Able to pass a public trust security clearance

Equal Opportunity Employer/Veterans/Disabled

Type
Full-time

Share this job