Information Security Engineer

• Conduct vulnerability assessments for all types of applications, systems and networks.
• Communicate security vulnerabilities and corrective actions to various internal groups and validate remediation.
• Performing code reviews to find vulnerabilities and fix

• Utilize commercial and open source vulnerability assessment tools.
• Perform manual verification of vulnerabilities - reduction of false positives.
• Create assessment reports and present them to management and technology professionals.
• Develop metrics for tracking and analyzing vulnerability information.
• Assist in regular penetration testing.
• Develop and maintain internal tools and task automation using AI
• Stay current on information security threats.
• Train security team members on vulnerability management process and tools.

• Bachelor's degree in Engineering, Computer science or equivalent
• 3 to 5 years experience.
• Possess certification/s related to Vulnerability Assessment such as GIAC, CEH.
• Must possess excellent written and verbal communication skills.
• Hands-on experience with performing network vulnerability assessments.
• Hands-on experience with performing Application scans and code reviews of application codes developed in various technologies.
• Knowledge of OWASP tools and methodologies
• Competency with network security and information security concepts and technologies.
• Thorough knowledge of the Windows OS as well as Linux and Unix variants.

• Experience with vulnerability scanning tools (e.g., Qualys, Nessus, Nexpose, Saint)
• Experience with web application vulnerability scanning tools (, HP Webinspect, , Burpsuite Pro)
• Experience with static analysis tools (e.g., IBM Appscan Source, HP Fortify)
• Experience with high level programming languages (e.g., Java, C, C++, .NET (C#, VB))
• Experience presenting to or training technical audiences a plus.
• A technical writing experience and/or web development tools is a plus.

Altisource