Post your Job

$225 for fulltime

$75 for freelance

Sign in  No account? Post your opening first!

Network Security Engineer

The American Institutes for Research (AIR) is one of the world’s largest behavioral and social science research and evaluation organizations. Within AIR, AIR Assessment focuses on providing clients with customized assessments that not only measure student achievement against state standards, but also provide meaningful score reports that can help students, parents, and educators address any areas of student weakness.

As a result of our continued growth, we are seeking a Network Security Engineer to join the software engineering and product development team of AIR Assessment.

Some of our ground-breaking work in AIR Assessment includes:

• advanced computer-adaptive algorithms (only one that’s peer-approved in the country)

• mobile support for the user interfaces

• learning management systems with social media features

• user interfaces that are universally accessible to people with or without disabilities

• innovative, machine-scorable items

Responsibilities

- Perform the day to day monitoring of security tools such as vulnerability scanners and act as an escalation point for notifications sent by hosting providers or internal teams regarding malware, vulnerabilities, indicators of compromise and other security related incident indicators.

- Work with software architects and developers to understand the AIR Assessment application deeply, to then define logging and auditing standards.

- Define the network zoning policies and standards to be applied to the different types of systems, and the rules governing the communications with all of them.

- Coordinate and ensure of the proper implementation of network controls with hosting provider(s), such as firewalls, IDS/IPS, DNS monitoring, WAF and DDoS protection.

- Implement processes and tools to ensure that all exchanges of information with third parties and clients use secured paths.

- Work with internal AIR security to ensure AST specific threats and compromise scenarios are covered by internal controls, or to design or modify existing controls currently in place.

- Coordinate penetration testing engagement with external vendors as well as the AIR Corporate Information Security Team.

- Coordinate the remediation of issues discovered through penetration testing, integrating these results to the vulnerability management process.

- Perform manual and automated testing of new software and infrastructure used by AIR AST before they are deployed to production.

- Define patterns and circumstances that should be deemed suspicious or malicious, and deploy systems to monitor these patterns across the application and underlying infrastructure.

- Perform account reviews to ensure account creation, modification and deletion respect policy.

- Work with systems administrators and hosting providers to ensure authentication security tools such as Two Factor Authentication are deployed securely, and that service accounts and other highly privileged and administrator/support accounts are restricted as much as possible.

Qualifications

• Bachelors degree in Computer Science, Engineering, Sciences, Mathematics (or related disciplines)

• 8+ years of technical information security experience; minimum of 5 years with hands-on experience in application and system/network security testing

• Strong understanding of information system security vulnerability assessment/testing on a wide variety of technologies and implementations utilizing both automated tools and manual techniques

• Significant experience performing web application security/penetration testing in accordance with well- known methodologies from OWASP, SANS, and NIST

• Demonstrate significant experience in testing multiple Operating Systems (Windows, Linux, and OSX) as well network devices

• Significant hands on experience with manual web application assessment and penetration testing methods related to web application mapping, reviewing client-side controls, testing user-input fields, and attacking session management, authentication, access controls, encryption, and backend databases/data stores

• Maintain high level of proficiency of hands-on experience with open source and commercial vulnerability assessment and penetration testing tools such as HP WebInspect/IBM AppScan/, Tenable Nessus/Rapid 7 NeXpose/Cenzic Hailstorm, Burp Suite, OWASP tools, Nmap, Wireshark, Fiddler, Firebug, Metasploit/Core Impact, sqlmap, ettercap, Caine and Able, BeEF, DirBuster, as well as tailor-made penetration testing distributions such as Kali Linux and Samurai WTF

• Work in a team environment or independently when necessary and be self-directed when appropriate

Preferred Qualifications:

• Industry information security certifications: OSCP/OSCE/OSWE, GPEN, GWAPT, CEH, CISSP

• Good understanding of the components of a secure SDLC

• Experience with scripting languages/programming languages: JavaScript, PHP, Python, JavaScript, Java, shell scripting, C/C++, jQuery, ASP, .NET, and HTML

• Experience with mobile application assessment and penetration testing

• Knowledge of and/or experience with Security Event and Incident Management systems, intrusion detection/prevention system technologies and deployment strategies, content/spam filtering, firewall configuration and rule maintenance

• Experience in performing static code analysis tools such as HP Fortify, Veracode, or IBM AppScan Source

• Ability to identify and 0-day issues employing scripting languages, programming languages, Assembly, and disassemblers/decompilers (IDA Pro, Flare) and debuggers (Ollydbg, GDB, WinDbg)

AIR offers an excellent compensation and benefits package, including a fully funded retirement plan, generous paid time off, commuter benefits, and tuition assistance. For more information, please visit our website at www.air.org. To apply, please go to https://jobs-airdc.icims.com/jobs/8940/network-security-engineer/job. Candidates must apply online for consideration. EOE.

How to apply

AIR offers an excellent compensation and benefits package, including a fully funded retirement plan, generous paid time off, commuter benefits, and tuition assistance. For more information, please visit our website at www.air.org. To apply, please go to https://jobs-airdc.icims.com/jobs/8940/network-security-engineer/job. Candidates must apply online for consideration. EOE.

Smashing Jobs

Your new job

Smashing Jobs is your job board that will help you find the right person for your job opening. It is featured at Smashing Magazine — a magazine that has more than 4 million monthly users and is known to be one of the most successful magazines for creative professionals.

Since 2008, we have been helping great companies as well as gifted job seekers to find their way to each other. We are trusted by companies of all sizes, such as Electronic Arts, Amazon, Lonely Planet, Garmin, Tesla Motors, Rockstar Games, MIT Technology Review, Mercedes, Activision, MTV and, last but not least, Nokia.

More Talents Needed?

Use our credit packages to cut your recruiting costs:

5 CreditsOnly $300. 20% discount. You save $75.
10 CreditsOnly $525. 30% discount. You save $225.

You can choose your preferred credit package during the posting process.

Paypal & Credit Cards
Paying is easy. You can pay from your PayPal deposit or simply start straight with your credit card.

There’s also the possibility of invoicing in which the alternative payment options are via bank transfer or check. If you’d like to get your job posting up and running in a minute, we could forward you a coupon code asap and you can pay later. Just contact Giammarco (g<dot>ledda<at>smashingjobs.com).