CoStar provides industry professionals and consumers of commercial real estate and apartments with critical knowledge to explore and complete transactions by offering the most comprehensive, timely and standardized information on commercial real estate and apartments and the right innovative tools to be able to effectively utilize that information. 

We are looking for a smart, creative and passionate Security Engineer to help continue improving our information security posture at The CoStar Group. You will engage with all departments of The CoStar Group, helping drive and shape the way we manage the protection of our customers and our ever-growing data environment.

We’re looking for someone who has the ability to communicate and reinforce security concepts to technical and non-technical audiences within the CoStar Enterprise. Additionally, the candidate must have experience implementing, using and updating standard security software in the areas of vulnerability scanning/management, Security Information and Event Management (SIEM) and end-node security, along with experience in endpoint security and forensics management and administration. As the security section grows, so will the tools, and the Security Engineer will be the person charged with implementing them. The successful candidate will be a self-starter motivated to learn new technologies and tools and assist in moving security forward as it is implemented within the CoStar Enterprise.

Desired Skills and Experience

  • Bachelor’s Degree in Computer Science (or related field)
  • Minimum 3 years’ total experience in Information Technology, with at least 2 years specifically in Information Security.
  • One or more security certifications, such as SANS/GIAC, CISSP, CISA, CISM or CEH, required
  • Scripting/programming skills (PowerShell, Bash, Perl, Python) and familiarity with ethical hacking
  • Experience with Windows Server 2008/2012, RHEL, and CentOS
  • Knowledge of UNIX and Windows environments as may pertain to Network and Security tasks including syslog, DNS, load balancers, Windows Event Log
  • Review technical security posture (network, application, database) for existing and newly acquired businesses or services
  • Perform security review and monitoring of the production environment setup, permissions of users, open ports/services and overall network setup
  • Examine network, server, and application logs to determine trends and identify security incidents
  • Use security tools to audit infrastructure, detect issues and coordinate remediation of any issues
  • Manage Payment Card Industry (PCI) requirements such as internal/external network scanning and cryptography methodologies
  • Perform monthly scans of the internal and external networks for critical or high vulnerabilities for adherence to PCI and SOX
  • Set up dashboards, review production logs and look for patterns of possible security incidents using SIEM solutions such as Splunk, QRadar, LogRhythm, ArcSight, and ELK
  • Follow, develop and improve network and security configuration procedures
  • Review requests for increased network access and provide risk analysis.
  • Deliver, maintain and improve security awareness training.
  • Manage endpoint security tools like antivirus, antimalware and incident response tools.
  • Experience with various security tools such as Retina, Nessus, FireEye, Snort, Nexpose, McAfee, Symantec, Carbon Black, BlueCoat, NMap, Metasploit, etc.
  • Work with other teams to remediate discovered deficiencies.
  • Requires excellent oral and written communication skills to work effectively with others regardless of departmental or geographic boundaries
  • Requires the ability to produce detailed technical documentation
  • Requires experience developing and presenting recommendations to peers and management
  • Requires good organization skills to produce quality work, within required specifications, and within scheduled timelines
  • The position requires individual initiative and ability to influence events, rather than passively accepting them, in order to achieve goals. This means being proactive and a self-starter and going beyond specific job responsibilities to ensure goals are achieved or exceeded