Our client, a high-frequency proprietary trading firm founded in 1998, seeks a Principal Security Engineer to join our Information Security team.
The position calls for using a diverse set of technical and security skills with the ability to quickly adapt to and learn unfamiliar technologies, and the discipline to follow processes in a regulated financial environment. This position also provides opportunities to interact with very diverse areas within our company, and every technology we work with.
- Collaborate with engineers to develop secure services.
- Audit source code for security vulnerabilities.
- Develop/implement automated systems to help spot known security exposures.
- Consult on discovered security flaws, how to exploit them, and how to remediate flaws.
- Conduct threat mapping with respect to competitors, state-sponsors and hacktivists.
- Conduct intelligence gathering including digital, social and physical aspects.
- Conduct attack simulation exercises on a periodic basis.
- Continuous assessment around effectiveness of defense response.
- Demonstrate use of information and access by adversaries to stakeholders.
- Ensure adherence to appropriate standards, best practices workplace policies and procedures.
- Work effectively as a team member, providing hands on support, maintaining communication and updating senior staff on progress.
- Participate in Incident Response procedures if/when required.
Skills and attributes for success
- Strong understanding of the intelligence lifecycle and models including Cyber Kill Chain and MITRE ATT&CK framework.
- Experience in cyber threat landscape, TTPs, threat actors and groups.
- Experience in threat actor and threat group profiling.
- Exposure and understanding of open source intelligence OSINT.
- Exposure and understanding of cyber threats in the financial sector.
- Exposure and understanding of underground criminal communities and dark web.
- Technical knowhow of malware reverse engineering.
- Visibility and presence in the threat intelligence community.
- Experience with SIEM technologies, threat hunting, monitoring and investigations.
- Excellent analytic and writing capabilities.
- Mentor and guide security analysts in cyber threat intelligence skills.
- Ability to work with minimum guidance.
- Liaise with stakeholders and seek requirement clarification.
- Exposure to Unix/Linux environments with knowledge of commands & basic shell scripting will be an added advantage.
Experience and Other requirements:
- 7-11 years relevant experience, successfully delivering in an Enterprise environment.
- Bachelor/Masters of Engineering in Computer Science / Information Security / Cyber Security
- Network and security and tools, including IDS/IPS, NAC,DLP, VPN, firewall management and audit, endpoint, anti-malware, database audit and monitoring
- Strong experience with secure architecture design.
- Security expertise in one or more of: python, bash, C, C++, cryptography, reverse engineering, wireless networks, common web vulnerabilities (SQLi, XSS, CSRF), exploit development.
- Security applications utilized for logging, packet capture, email, directory services, web, authentication, remote access, and encryption.
- Database audit/security background is a strong plus.
- Cloud security deployment and controls.
- IT security technologies, policies, and procedures.
- Have passion to learn evolving technologies.
- Self starter with a can-do attitude capable of overcoming difficult challenges.
- Communicate clearly and effectively with the distributed team and stakeholders.
- Showcase good critical thinking and analytical skills.
- Ability to stay focused while working under pressure.
- Flexible to work in different time-zones, based on Business requirements.
- Conduct training and mentoring of team members.
Yoh, a Day & Zimmermann company, is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran. Visit https://www.yoh.com/applicants-with-disabilities to contact us if you are an individual with a disability and require accommodation in the application process.
Location/Region: New York,NY