Senior Security Engineer

• This person is responsible for the preservation of the confidentiality, integrity, and availability of customer data.
• The Security Engineer reports to the customer Director of Information Security and delegates and is responsible for all tasks as assigned.
• The position is interdisciplinary, with a wide range of desired technical and non-technical expectations including, but not limited to:
• Operation and administration of enterprise-level web application firewalls, application delivery controllers, vulnerability scanners, web content filtering systems, intrusion prevention systems, and security information and event management systems.
• Implementation and oversight of social media security processes.
• Organization and analysis of patch management processes and procedures.
• Participation and analysis of cyber threat intelligence efforts.
• Monitoring systems and response to alerts, events, and/or incidents.
• Preparation of briefings/reports as needed to keep senior management informed of security projects.
• Adaptability, flexibility, and the ability to do quality work under tight deadlines.
• Prepare security standards, policies, and procedures.
• Conduct system security and vulnerability analyses and risk assessments.

• Design, implement, maintain, and operate security technologies including reverse proxies, forward proxies/web filtering, web application firewalls, IPS/IDS, SIEM, password management, DLP, vulnerability scanners, and other applications and appliances.
• Administration and hardening of Windows 8.1 and 10 desktop and mobile clients and Windows Server 2012 and later servers.
• Identity and access management and administration of Active Directory Domain Services.
• Encryption and data protection using Public Key Infrastructure and x.509 certificates and administration of Active Directory Certificate Services.
• Virtualized systems administration using Hyper-V, VMWare, and Azure IaaS.
• Routing, DMZ, VPN, IPSec, DNS, firewalls, intrusion detection systems, DoS attacks, 802.11, GSM, EV-DO, radio frequencies and technologies, Wireless Security, and RADIUS.
• Application Security including SDL, cross-site scripting, cross site request forgery, SQL and command injection attacks, threat modeling, fuzzing, malware, and Trojans.
• Enterprise hardening techniques including Pass the Hash/Golden Ticket Mitigation, LAPS, Lateral Traversal Mitigation, and Tier-0 Account Protection.
• Solid experience with public key infrastructure (PKI)
• Experience with certificate lifecycle management
• Solid experience with Microsoft Certificate Services
• Experience with commercial Certificate Authority providers
• Strong proficiency in cryptography
• Good understanding of secure coding techniques and IT security principals in general
• Experience in building and setting up Sonatype Nexus-IQ server and Nexus NXRM.
• Experience in scanning the packages using Nexus-IQ server for security and vulnerability check
• Provide technical recommendations on how to improve their Software Supply Chain and DevSecOps practices using Sonatype solutions.
• Add Nexus Firewall to stop OSS risk from entering your SDLC using next-generation behavioral analysis and automated policy enforcement.
• Must have experience with CI/CD
• Familiarity with tooling used in the SDLC, including VCSs (e.g., git, svn, etc.), modern build tools (e.g., Jenkins), package managers (e.g., Maven, Gradle, Nuget, NPM, etc.), artifact repositories (e.g., Nexus), continuous delivery technologies (e.g., Puppet, Chef, Udeploy, XL Deploy, etc.), container technologies (e.g., Docker, Kubernetes, Openshift, etc.)

businessexcellence@aptask.com

About ApTask:
ApTask is a leading global provider of workforce solutions and talent acquisition services, dedicated to shaping the future of work. As an African American-owned and Veteran-owned company, ApTask offers a comprehensive suite of services, including staffing and recruitment solutions, managed services, IT consulting, and project management. With a focus on excellence, collaboration, and innovation, ApTask provides unparalleled opportunities for professional growth and development. As a member of the ApTask team, you will have the chance to connect businesses with top-tier professionals, optimize workforce performance, and drive success across diverse industries. Join us at ApTask and be part of our mission to empower organizations to thrive while fostering a diverse and inclusive work environment.

Applicants may be required to attend interviews in person or by video conference. In addition, candidates may be required to present their current state or government issued ID during each interview.

Candidate Data Collection Disclaimer:
At ApTask, we prioritize safeguarding your privacy. As part of our recruitment process, certain Personally Identifiable Information (PII) may be requested by our clients for verification and application purposes. Rest assured, we strictly adhere to confidentiality standards and comply with all relevant data protection laws. Please note that we only collect the necessary information as specified by each client and do not request sensitive details during the initial stages of recruitment.

If you have any concerns or queries about your personal information, please feel free to contact our compliance team at

businessexcellence@aptask.com