[BBLISA-jobs] Sr. Security Engineer in Waltham, MA

[Adam Moskowitz]

My group is looking to hire a Senior Security Engineer; the job
description is below. If you fit the bill, or know anyone who does,
please contact me.

AdamM


> The Senior Security Engineer will report to the Manager of Network and 
> Systems Engineering.  The successful candidate will work with 
> technical and business teams to oversee, coordinate, develop, and 
> implement security policies, procedures, and technologies.
> 
> Responsibilities include:
> 
>  - Provide internal technical audits of Constant Contact systems,
>    including Unix system security, network security technologies
>    (firewall/IDS/VPN), and database security.
>  - Communicate security risks and attack vectors with internal
>    stakeholders, and help to determine the severity of potential
>    security incidents.  Provide feedback on best ways to mitigate risk.
>  - Specify and implement enterprise-wide security technologies and
>    procedures, including identity management.
>  - Provide hands-on network and system administration support during the
>    implementation of security technologies, including configuration of
>    Unix systems and Cisco/Juniper firewalls, routers, and switches.
>  - Coordinate response to security-related incidents, including working
>    with our Abuse teams, legal department, and law enforcement agencies as
>    required.
>  - Develop, document, and communicate security-related corporate
>    polices.
> 
> Qualifications:
> 
>  - 7 - 10 years of information security experience, including experience
>    at a rapidly growing organization
>  - Broad understanding of information security systems, including the
>    legal and technical frameworks in which they operate.  
>  - In-depth understanding of system and application security, including
>    the ability to protect systems against external attack and enable
>    auditing of system activities.
>  - Ability to document and communicate policies and best practices to both
>    technical and non-technical audiences at all levels of an organization,
>    including senior management.
>  - Experience completing technical audits, preferably following an
>    industry accepted audit framework.
>  - Familiarity with cryptographic protocols such as SSL and SSH, and
>    algorithms such as MD5, SHA1, DES, etc.
>  - Solid understanding of risk management, business continuity planning,
>    and technical auditing.
> 
> Also Desirable:
> 
>  - Relevant industry certifications, such as CISSP, CISA.
>  - Familiarity with email security and anti-spam best practices,
>    including SPF/SenderID, DomainKeys/DKIM, and CAN-SPAM.
>  - Ability to provide guidance in meeting requirements of various legal
>    and industry frameworks, including PCI, Sarbanes-Oxley, and related
>    standards.
>  - Familiarity with Java and web application coding standards and best
>    practices; ability to document and communicate those standards.