Information Security Engineer

Outstanding long-term contract opportunity! A well-known Financial Services Company is looking for a Information Security Engineer in Charlotte, NC (Hybrid).

Work with the brightest minds at one of the largest financial institutions in the world. This is a long-term contract opportunity that includes a competitive benefit package! Our client has been around for over 150 years and is continuously innovating in today's digital age.

If you want to work for a company that is not only a household name, but also truly cares about satisfying customers' financial needs and helping people succeed financially, apply today.

Contract Duration : 6 Months

Required Skills & Experience

• 5+ years of Application Security Engineering experience, or equivalent demonstrated through one or a combination of the following : work experience, training, military experience, education.
• 5+ years of experience troubleshooting in complex technical environments.
• 2+ years of experience implementing technical solutions in a large enterprise (150K+ employees)
• 2+ years of experience with scripting tools such as Bash, Python and PowerShell.
• 1+ year of experience writing SQL queries.
• 1+ year of experience building / managing MS SQL and / or Oracle databases, including data feeds and ETL.
• 5+ years of Information Security Engineering experience, or equivalent demonstrated through one or a combination of the following : work or consulting experience, training, military experience, education.

Desired Skills & Experience

• Expert understanding of the most common application security risks (OWASP Top 10, SANS / CWE Top 25)
• Experience in developing applications in Java, .NET (preferred), C#, JavaScript, Python, or other modern OOP languages.
• Experience managing automated application security testing tools, including Static and Dynamic Application Security Testing (SAST / DAST) and Software Composition Analysis (SCA).
• Provide strategic and tactical security guidance for secure application development, including the evaluation and recommendation of technical controls.
• Experience integrating application security tools into the CI / CD pipeline.
• DevSecOps experience.
• Recommended application security certifications (one or more) : OSCP / OSEP / OSWE, CEH / LPT, CPT / CEPT, CASS, CASE, CMWAPT, CRTOP, GIAC GEVA / GPEN / GWAPT / GCPN / GXPN / GMOB / GDAT.
• Experience with integrating application security tools into Enterprise vulnerability management systems (e.g., ServiceNow)
• Thoroughly understand secure application design principals, including the areas of authentication, authorization / least privilege, logging, encryption, data masking, data retention, and secure data transmission.
• Assist in the development and management of security policies, standards, procedures, and guidelines.
• Design, document, plan, coordinate, and implement complex information security solutions.
• Strong technical and business writing skills, plus the ability to effectively explain plans and solutions verbally to both technology and business units.
• Direct or serve as a mentor to less experienced engineering staff.

What You Will Be Doing

Tech Breakdown

• XX% Red Hat Linux
• XX% Windows Server 2010

Daily Responsibilities

• Consult on complex initiatives with broad impact and large-scale planning for Information Security Engineering.
• Review and analyze complex multi-faceted, larger scale or longer-term Information Security Engineering challenges that require in-depth evaluation of multiple factors including intangibles or unprecedented factors.
• Contribute to the resolution of complex and multi-faceted situations requiring solid understanding of the function, policies, procedures, and compliance requirements that meet deliverables.
• Strategically collaborate and consult with client personnel.
30+ days ago