Junior Security Engineer at Digital Maelstrom
This position is within the cybersecurity organization at Digital Maelstrom.
- Experience with Windows, Linux, macOS
- Experience with Command-line programs, Shell and Shell scripting
- Understanding of networking fundamentals, protocols & application behaviors as related to security matters
- Experience with secure configuration, implementation of systems
- A solid understanding of best practices and techniques in attacking or defending information systems
- Have experience with network and web application penetration testing and related tools (OSCP preferred)
- Have familiarity with software development processes and experience securing custom software
- Cloud experience (any of AWS, Azure, Google Cloud)
- Bachelor’s Degree in Computer Science, Information Systems or related field; or certification in relevant programs (CISSP, CSSLP, OSCP, GPEN, GIAC, Security+, or others); or equivalent work experience.
This position is within the cybersecurity organization at Digital Maelstrom. Candidates will work closely with other engineers, principal consultants, and various client contacts such as stakeholders, architects, business analysts, client IT personnel, and management.
This position is full-time.
- Work with a cross-functional team to secure client organizations from threats and vulnerabilities as part of a broader information security program
- Analyze and troubleshoot complex problems and provide technical and software solutions using a diverse mix of cutting-edge technologies.
- Perform research, present analysis, and provide recommendations about systems, vulnerabilities, security controls, and recommend improvements which are consistent with business goals.
- Break down complex requirements into clear, actionable tasks which can be estimated and completed.
- Develop, document, design, implement, and test security controls for clients in conjunction with senior engineers
- Gather, compile, and synthesize information in regard to technology, threats, vulnerabilities, threat models, processes, hardware, software, and people.
- Be capable of automating tasks using programming languages with well-documented, readable, and maintainable code
- Must possess strong interpersonal and communications skills; capable of writing purchase justifications, training users/team members in complex topics, making/giving presentations.
- Write policy, procedure, standards, guideline, and other technical documentation and about the proper implementation of sound security program elements
- Able to review logs and other metrics for signs of cyber threats or attacks and escalate to senior engineers
- Able to test complicated and detailed aspects of a security posture or configuration, identify deficiencies, and recommend remediation actions
- Be capable of continually improving one’s own skill set relevant to business and technical missions with minimal oversight. Must take initiative, negotiate with project management, and execute successfully on plans.
- Able to participate in agile team practices; reflect honestly on own performance, participate in shared team accountability, recommend changes for team improvement
- Must be able to handle sensitive information with appropriate discretion
- Write manual and automated tests as part of a normal security practice.
- Other duties as assigned.