Security Engineer
Ahead of the Curve.
No one knows the road like Agero. For over 40 years, we have provided the safest, smartest solutions for drivers and the companies that keep them moving.
As a result, we have become an industry leader, providing vehicle manufacturers and insurance carriers with privately labeled state-of-the-art roadside assistance plans and efficient claims management solutions. Our Roadside Assistance network protects more than 75 million drivers each year, providing award-winning service that helps motorists in their time of need while building customer loyalty for our clients.
Headquartered in Medford, MA with operations throughout North America, we are trusted by more than 100 leading corporations and used by 75% of the new passenger vehicles sold in the U.S. As a result, we have more information about cars and drivers than any other company. We use that data to continually enrich our solutions, maximizing our customers' opportunities while minimizing driver distraction.
As a member of the Agero Security Team, the Security Engineer is responsible for protecting data and information systems from unauthorized access, use, disclosure, disruption, modification or destruction, and for protecting information and other valuable assets stored within facilities. This role covers systems that are located on premise or in the cloud and assists with developing network security to protect electronic information in transit over networks. The Security Engineer will be involved in a wide range of projects including developing methodologies requiring security best practices and use of industry standards, such as ISO 27001/2:2013, CIS, etc. Responsibilities include helping to maintain compliance with major governance and regulatory standards such as PCI Data Security Standards, Massachusetts Data Protection Regulations, GDPR and other data protection standards. The Security Engineer will also work to ensure successful completion of vulnerability audits and assessments, as required.
KEY OUTCOMES
Strategy & Planning
- Assist in developing and maintaining the enterprise’s security awareness training program.
- Help create and maintain the enterprise’s security documentation (policies, standards, procedures and guidelines) in the corporate ISMS.
Deployment
- Maintain up-to-date knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes, and the development of new attack and threat vectors.
- Work as part of a team to select, test and acquire additional security solutions or enhancements to existing security solutions to improve overall enterprise security.
- Participate in the deployment, integration and initial configuration of new security solutions and enhancements to existing security solutions in accordance with best practices.
Operational Management
- Ensure the confidentiality, integrity and availability of the data residing on or transmitted to or from enterprise systems, on premise or in the cloud.
- Participate in all investigations into security events or incidents and provide communication to senior management.
- Participate in designing and executing vulnerability assessments, penetration tests and security audits.
- Engage in ongoing communications with peers in the DevOps, Engineering and Networking groups as well as the various business groups to ensure enterprise-wide understanding of security goals, and solicit feedback and foster co-operation.
KNOWLEDGE, SKILLS AND ABILITIES:
EDUCATION: Bachelor's degree in Engineering or Computer Science or equivalent combination of education and work experience. Any security certifications are a plus.
REQUIRED EXPERIENCE: 2 years of information security or related engineering experience. Ability to work with the Engineering and Infrastructure teams in implementing security controls. Ability to articulate vulnerability and risk based on a technical security posture. Ability to support the development of system-level plans of action and milestones.
2 years of experience in:
- Deployment and support of security devices including Web Application Firewalls, Intrusion Detection Systems, SIEM, and third-party tools (URL filtering, Varonis, Tripwire);
- Vulnerability assessments and penetration tests;
- Ensuring compliance with security policies and procedures;
- Measuring, tracking and reporting the security vulnerability status of IT assets;
- Cloud environments and cloud security.
DESIRED EXPERIENCE:
- Experience with Payment Card Industry Standards compliance (PCI or PCI DSS);
- Familiarity with GDPR compliance.
SKILLS:
- Demonstrated on-the-job experience assuring software applications adhere to continuous monitoring and compliance with security controls.
- Knowledge and experience with key management.
- Knowledge and practice utilizing role-based access control and certificates to authenticate end points, system processes, and users.
- Experience and knowledge of penetration testing methodologies and tools.
- Base knowledge of exploit techniques and hacker methodologies.
- Demonstrated on-the-job experience writing and reviewing risk assessment and mitigation reports.
- Ability to communicate security-related concepts to a broad range of technical and non-technical staff.
- Base knowledge of IP based applications (WWW, SMTP, DNS, SNMP, etc.).
- Base knowledge of protocol filtering, network security and packet level analysis tools to resolve network security problems.
- Understanding of wired and wireless network security devices.
- Any experience with Verizon MSSP, Imperva, McAfee, Varonis, Tripwire, Tufin, Websense, Ironport, Splunk, Netbrain, or Netwrix products is a plus.
COMPLEXITY: Proven troubleshooting and problem-solving skills. Base understanding of networking concepts and project management skills.