Enterprise Security Engineer (remote)

The Position

The Enterprise Security Engineer mission is to defend OPSWAT’s corporate assets from all threats through risk reduction. The Enterprise Security Specialist reduces risk to OPSWAT’s corporate assets by advising, implementing, operating, and assuring multiple critical preventive and reactive security controls are in tight collaboration with teams and stakeholders across the company.

As an Enterprise Security Engineer on the operations team, you will be entrusted with the crucial responsibility of safeguarding OPSWAT's corporate environment. From our versatile laptop fleet (Mac, Windows & Linux) to our innovative SaaS apps and other Corporate Infrastructure, you will play a vital role in ensuring our success and securing our valuable assets.

With a confident and thoughtful approach, you'll build and implement solutions that raise the security bar for our corporate infrastructure. If you love working on security, engineering, and operations, we are excited to have you join our dynamic team!

What You Will Be Doing

• Contribute to designing and implementing solutions that support enterprise-wide security initiatives.
• Design, build, maintain, tune, and enhance the effectiveness of our Enterprise Security controls in a wide range of security domains, including:
• Endpoint Detection and Response (EDR)
• Network Detection and Response (NDR)
• Email Security
• Ransomware Resilience
• Security Information and Event Management (SIEM)
• Data Loss Prevention (DLP)/Insider Risk
• Conditional Access
• Vendor/Business Process Outsourcing (BPO) Security
• Device Posture and Attestation, Shadow IT
• Threat and Vulnerability Management (TVM)
• Identity and Access Management (IAM)
• Identity Protection
• Public Key Infrastructure (PKI)
  
  
• Perform risk assessments and security assurance (threat modeling, code review as necessary) on a range of systems that support OPSWAT’s business operations:
• Operating Systems and commercial/open-source desktop applications
• Internally developed Enterprise Infrastructure Services
• Third-Party Software as a Service (SaaS) solutions
• Network Infrastructure (ZTNA, CASB, VPN)
• Cloud Infrastructure (AWS, Azure)
  
  
• Collaborate with our Governance Risk and Compliance (GRC) team to help develop enterprise security standards, guidelines, and policies.
• Drive the remediation of security vulnerabilities identified through assessments.
• Build security automation to secure our corporate infrastructure.
• Evaluate cutting-edge Enterprise Security technology designed to increase our security posture.
• Partner with our product management teams to provide feedback on the products and roadmap.

What We Need From You

• Bachelor’s degree or college diploma in the field of Information Security, Computer Science, Information Systems, or equivalent experience.
• Expert on Microsoft Product Stack.
• Full-stack knowledge of IT infrastructure including securing: Applications, Databases, Operating systems (Windows, Unix/Linux and Mac), Hypervisors, IP networks (WAN and LAN), Storage networks, CI/CD pipelines, Backup networks and media, and Containers/Kubernetes
• Direct, hands-on experience knowledge of managing and operating security infrastructure - e.g., firewalls, IDS, IPS, web application firewalls (WAFs), endpoint protection, SIEM, and DLP technology as well as vulnerability and configuration management tools.
• Has working experience in Security Assurance: Penetration Testing, Code Review, and Threat Modeling.
• Direct experience or strong working knowledge of designing IAM technologies and services using: Active Directory, Azure Active Directory, Privileged Access Management, Multifactor Authentication, and Amazon Web Service (AWS) IAM
• Strong working knowledge of IT service management (e.g., ITIL-related disciplines): Asset management, Configuration management, Incident management, Problem management, Change management, and Vendor/Supplier Management.
• One or more of these preferred certifications: CEH, Security+, CISSP, SANS: GCIA, GCDA, GDSA, GSOC, GCED.