Senior Information Security Engineer at CoStar Group (Washington, DC)

Desired Skills and Experience

• Bachelor’s Degree in Computer Science (or related field)
• Minimum 3 years’ total experience in Information Technology, with at least 2 years specifically in Information Security.
• One or more security certification such as SANS/GIAC, CISSP, CISA, CISM, CEH, required
• Scripting/programming skills (PowerShell, Bash, Perl, Python) and familiarity with ethical hacking
• Experience with Windows Server 2008/2012, RHEL, and CentOS
• Knowledge of UNIX and Windows environments as may pertain to Network and Security tasks including syslog, DNS, load balancers, Windows Event Log
• Review technical security posture (network, application, database) for existing and newly acquired businesses or services
• Perform security review and monitoring of the production environment setup permissions of users, open ports/services and overall network setup
• Examine network, server, and application logs to determine trends and identify security incidents
• Use security tools to audit infrastructure, detect issues and coordinate remediation of any issues
• Manage Payment Card Industry (PCI) requirements such as internal/external network scanning and cryptography methodologies
• Perform monthly scans of the internal and external networks for critical or high vulnerabilities for adherence to PCI and SOX
• Set up dashboards and review production logs and look for patterns of possible security incidents SIEM solutions such as Splunk, QRadar, LogRhythm, ArcSight, and ELK
• Follow, develop and improve network and security configuration procedures
• Review requests for increased network access and provide risk-analysis.
• Deliver, maintain and improve security awareness training.
• Manage endpoint security tools like antivirus, antimalware and incident response tools.
• Experience with various security tools such as Retina, Nessus, FireEye, Snort, Nexpose, McAfee, Symantec, Carbon Black, BlueCoat, NMap, Metasploit, etc.
• Work with other teams to remediate discovered deficiencies.
• Requires excellent oral and written communication skills to work effectively with others regardless of departmental or geographic boundaries
• Requires the ability to produce detailed technical documentation
• Requires experience developing and presenting recommendations to peers and management
• Requires good organization skills to produce quality work, within required specifications, and within scheduled timelines
• The position requires individual initiative and ability to influence events, rather than passively accepting them, in order to achieve goals. This means being proactive and a self-starter and going beyond specific job responsibilities to ensure goals are achieved or exceeded