IT Security Engineer
- Full-Time
- Medford, MA
- Agero
- Posted 3 years ago – Accepting applications
Ahead of the Curve.
Agero is powering the next generation of software-enabled driver safety services and technology, pushing the limits of big data to transform the entire driving experience. The majority of leading vehicle manufacturers and insurance providers use Agero's roadside assistance, accident management, dispatch, consumer affairs and telematics innovations to strengthen their businesses and create stronger, lasting connections with their customers. Together, we're making driving smarter and safer for everyone.
Position Summary:
As a member of the Agero Security Team, this position is responsible for protecting data and information systems from unauthorized access, use, disclosure, disruption, modification or destruction; and protecting information and other valuable assets stored within facilities. The Security Engineer will also work to ensure successful completion of vulnerability audits and assessments, as required. This role covers systems that are located on premise or in the cloud and assists with developing network security to protect electronic information in transit over networks. The Security Engineer will be involved in a wide range of projects including developing methodologies requiring security best practices and use of industry standards.
Key Outcomes
- Next Gen AV/EDR: Monitor alerts and as necessary provide escalations to the appropriate teams
- SOC: Monitor and follow up and analyze reports and alerts from the SOC team and as necessary provide escalations to the appropriate teams.
- Analyze and deeply understand the distribution of compliance with internal controls across the organization.
Essential Functions:
- Maintain up-to-date knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes, and the development of new attack and threat vectors.
- Monitor security alerts and maintain security tools.
- Work as part of a team to select, test and acquire additional security solutions or enhancements to existing security solutions to improve overall enterprise security.
- Participate in the deployment, integration and initial configuration of new security solutions and enhancements to existing security solutions in accordance with best practices.
- Ensure the confidentiality, integrity and availability of the data residing on or transmitted to or from enterprise systems, on premise or in the cloud.
- Participate in all investigations into security events or incidents and provide communication to senior management.
- Participate in designing and executing vulnerability assessments, penetration tests and security audits.
Knowledge, Skills & Abilities:
Education: Bachelor's degree in Engineering or Computer Science or equivalent combination of education and work experience. Any security certifications are a plus.
Experience: 2-4 years information security or related engineering experience. Ability to work with the Engineering and Infrastructure teams in implementing security controls. Ability to articulate vulnerability and risk based on a technical security posture. Ability to support the development of system level plan of action and milestones.
2 years' experience in:
- Demonstrated on-the-job experience assuring software applications adhere to continuous monitoring and compliance with security controls.
- Experience in Antivirus/EDR, mail security gateways, Splunk or ELK analysis
- Understanding of wired and wireless network security devices.
Preferred Experience
- Ensuring compliance with security policies and procedures.
- Measure, track and report the security vulnerability status of IT assets.
- Experience with cloud environments and cloud security
- Knowledge of vulnerability assessments
- Base knowledge of exploit techniques and hacker methodologies.
- Scripting and/or coding experience
Skills:
- Knowledge and experience with key management.
- Knowledge and practice utilizing role-based access control and certificates to authenticate end points, system processes, and users.
- Knowledge of securing modern desktop and server operating systems
- Knowledge of MS Enterprise Active Directory maintenance and best practices.
- Knowledge of network security
Complexity: Proven troubleshooting and problem-solving skills. Base understanding of networking concepts and project management skills.
Available on a 24 x 7 basis and occasionally work nights and/or weekend hours for major implementations to minimize impact on the organization.
THIS DESCRIPTION IS NOT INTENDED TO BE A COMPLETE STATEMENT OF JOB CONTENT, RATHER TO ACT AS A GUIDE TO THE ESSENTIAL FUNCTIONS PERFORMED. MANAGEMENT RETAINS THE DISCRETION TO ADD TO OR CHANGE THE DUTIES OF THE POSITION AT ANY TIME.