This job post is closed and the position is probably filled. Please do not apply. Work for DrFirst and want to re-open this job? Use the edit link in the email when you posted the job!
\nPurpose: \n The Information Security Engineer will be on the Information Security team and focus on handling Web Application Vulnerability Management, Issue Management, and Incident Response. The position objective is to support the operations of the Information Security department. With a primary focus on finding, analyzing, and tracking vulnerabilities and security issues to remediation.\n\nThe successful candidate must have in-depth knowledge of information security, web application vulnerability management, web applications testing, and static code analysis. High level communication skills are essential to successfully translate technology and requirements into business terms.\n \n This role lies within the Information Security function, reporting to the Information Security Manager, but is closely aligned with other corporate functions such as Human Resources, Compliance and Information Technology, and may involve liaison with third party suppliers of awareness and training materials and services.\n\n\n\nKey Responsibilities\n\n\n* Operate and improve the end-to-end vulnerability management process, including aspects of asset inventory, contextual approach to scanning, conducting risk and vulnerability assessment, and providing reporting and remediation guidance.\n\n* Operate Web Application security testing, and Static Code vulnerability analysis\n\n* Provide in-depth analysis of vulnerabilities and related impact to stakeholders.\n\n* Lead regular meetings with stakeholders to coordinate remediation efforts and clarify ownership.\n\n* Influence stakeholders to prioritize risk treatment for identified vulnerabilities.\n\n* Provide security reviews of change management tickets submitted by the organization to ensure remediation efforts are acted upon in a timely manner.\n\n* Serve as the subject matter expert for threat and vulnerability processes.\n\n* Assist with associated incident response, security administration, and security monitoring initiatives as requested.\n\n\n\n\n\nEducation and Skill Set:\n\n\n* Bachelor’s degree in related field\n\n* A minimum of 5 years of experience in IT and information security, 2 of which must be in information security\n\n* Must be a self-motivated, detail-oriented professional\n\n* Excellent communication, facilitation, and writing skills\n\n* Strong knowledge in a scripting language such as perl or python\n\n* Strong knowledge of Java or an equivalent programming language\n\n* Experience using JIRA is preferred but not required\n\n* Experience with security tools, including: vulnerability management tools such as Nessus, or Qualys, Symantec Endpoint Protection, Veracode or IBM Appscan, nmap, metasploit, core impact.\n\n* Expert understanding of operating systems (Windows, Linux, Mac, iOS/Android)\n\n* Experience with, and understanding of, the healthcare industry is preferred\n\n* Demonstrated ability to develop and report on metrics\n\n* Excellent communication, facilitation, and writing skills\n\n* Understanding of networks and network architecture\n\n\n\n\n\n\n \n\n#Salary and compensation\n
No salary data published by company so we estimated salary based on similar jobs related to InfoSec, Engineer, Web Developer, Jira, Java and Perl jobs that are similar:\n\n
$75,000 — $117,500/year\n
\n\n#Benefits\n
๐ฐ 401(k)\n\n๐ Distributed team\n\nโฐ Async\n\n๐ค Vision insurance\n\n๐ฆท Dental insurance\n\n๐ Medical insurance\n\n๐ Unlimited vacation\n\n๐ Paid time off\n\n๐ 4 day workweek\n\n๐ฐ 401k matching\n\n๐ Company retreats\n\n๐ฌ Coworking budget\n\n๐ Learning budget\n\n๐ช Free gym membership\n\n๐ง Mental wellness budget\n\n๐ฅ Home office budget\n\n๐ฅง Pay in crypto\n\n๐ฅธ Pseudonymous\n\n๐ฐ Profit sharing\n\n๐ฐ Equity compensation\n\nโฌ๏ธ No whiteboard interview\n\n๐ No monitoring system\n\n๐ซ No politics at work\n\n๐ We hire old (and young)\n\n
# How do you apply?\n\nThis job post has been closed by the poster, which means they probably have enough applicants now. Please do not apply.