Security Engineer

The security engineer will be responsible for the following activities and functions:

• Research, evaluate, recommend, and implement security solutions, standards, and best practices to protect Comscore’s business from potential threats.
• Conduct security risk assessments of cloud and internal systems, applications, and IT infrastructure as part of the overall risk management practice of the organization.
• Conduct vulnerability assessments and other security reviews of systems, and prioritize remediation based on the risk profile of the asset.
• Review and assess security and infrastructure logs for indicators of compromise (IOCs) or other anomalous behavior within networks, applications, or users.
• Conduct code reviews to determine security flaws or other issues that would impact the confidentiality, integrity, or availability of systems.
• Support the testing, validation, and improvements of internal security controls.
• Assist with penetration testing and other "red" team exercises.
• Develop recommendations and standard to protect cloud environments.
• Establish incident response playbooks and procedures.
• Monitor security vulnerability information from vendors and third parties.

Qualifications/Experience

• Bachelor's degree in security, software engineering, information systems, or equivalent work experience.
• Minimum of two years IT security, DevOps, or network security experience.
• Knowledge of information security principles, including risk assessment and management, threat and vulnerability management, incident response, and identity and access management.
• Knowledge of one or more of best-of-breed security tools, such as Next-Generation Firewall, Next-Generation Endpoint Protection, Endpoint Detection and Response (EDR), Intrusion Detection/Prevention (IDS/IPS), Security Incident and Event Management (SIEM), Web Application Firewall (WAF), Denial of Service (DOS) protection, Data Loss Prevention (DLP), Data Encryption, Application Security Testing (DAST, SAST), Cloud Security Posture Management (CSPM), Attack Surface Management (ASM), Cloud Security Access Broker (CASB), Identity Governance and Access Management (IGA).
• Knowledge of network infrastructure (including Zero Trust Network Architecture) application delivery controllers, load balancers, routers, switches, firewalls, and associated network concepts and protocols.
• Knowledge of Windows Active Directory infrastructure and policy management.
• Knowledge of a scripting language, such as Power Shell, Python, or Perl.
• Knowledge of AWS architecture and best practices.
• Experience with AWS CLI is desirable.
• Knowledge of pentesting and application security testing practices.
• Experience with common information security management frameworks, such as ISO 27001 and National Institute of Standards and Technology (NIST) frameworks.
• Experience with Dev Sec Ops practices.
• Strong written and verbal communication skills.
• Strong analytical and problem-solving skills
• Continuous improvement mindset.
• Strong team-oriented interpersonal skills.
• Strong customer/client focus, with the ability to manage expectations, provide a superior customer/client experience and build long-term relationships.
• CISSP certification is desired.

Security Engineer
https://www.comscore.com/About/Careers/Job-Opportunities?sfid=895