Job Summary: We are seeking an experienced Cyber Security Specialist to enhance the security posture of our software, systems, and infrastructure.
This role involves conducting technical security assessments, vulnerability testing, and threat modeling while collaborating with cross-functional teams to ensure best-in-class security measures.
The ideal candidate will have extensive expertise in cybersecurity, application security, cloud security, and threat modeling methodologies.
Key Responsibilities: - Lead information security reviews for new technologies, designs, and remediation planning efforts.
- Conduct technical security assessments, code reviews, and vulnerability testing to mitigate risks.
- Collaborate with Engineering & Operations Teams to resolve security vulnerabilities identified via PSIRTs, scans, or breaches.
- Implement and oversee various threat modeling approaches, including STRIDE, PASTA, TRIKE, ATTACK TREE, DREAD, KILL CHAIN, and CAPEC.
- Develop and maintain secure coding practices, vulnerability management (SAST/DAST/IAST), and OWASP Top 10 application security testing methodologies.
- Design and implement firewall policies, SSL certificate management, and vulnerability analysis & mitigation strategies.
- Optimize security strategies for mobile applications, IoT devices, enterprise applications, cloud security, and carrier network technologies.
- Define technical specifications and security requirements, ensuring alignment with regulatory compliance (e.g., SOX, PCI, CPNI).
- Utilize load balancers, firewalls, SIEM solutions, and cloud security platforms to mitigate advanced persistent threats.
- Implement security automation tools and conduct regular security audits to enhance infrastructure resilience.
- Provide expert guidance in network security, API security, privileged access management, and malware protection.
- Collaborate with leadership to develop security frameworks, incident response strategies, and proactive security measures.
- Conduct knowledge-sharing sessions, technical trainings, and contribute to security research initiatives.
Required Qualifications: - 10+ years of experience in cybersecurity with expertise in network and application security.
- 5+ years of experience in Java, Python, Node.js, and security frameworks.
- 5+ years of experience in threat modeling methodologies (STRIDE, PASTA, ATTACK TREE, etc.).
- 8+ years of experience in SSL and firewall policy design.
- 5+ years of experience in vulnerability analysis, mitigation strategies, and cloud security.
- Strong expertise in security tools and platforms, including:
- Load Balancers: A10, F5
- Firewalls: CheckPoint
- MDM Solutions: MobileIron
- Cloud Platforms: AWS, Azure, PCF, Docker
- Malware Protection: FireEye
- Advanced Persistent Threats: Damballa
- Privileged Account Management: CyberArk
- SIEM Solutions: ArcSight
- Log & Event Monitoring: Splunk
- Intrusion Detection/Prevent Node.jsion: Symantec
- Security Scanning Tools: Qualys, Veracode
Preferred Qualifications: - Experience in the telecom industry (preferred but not mandatory).
- Strong understanding of security compliance regulations (SOX, PCI, CPNI).
- Experience in mobile application security and RESTful API security.
- Proficiency in security automation and scripting (Python, Perl, Shell, HTML, PHP).
- Advanced knowledge of Agile and DevOps methodologies.
Location & Work Arrangement: - Location Options: Bellevue, WA Overland Park, KS Frisco, TX Ravinia, GA Remote
Education: Bachelors Degree