Senior Cyber Security Engineer - Application Security

Job Expired

Ameris Bank is a purpose-driven company, dedicated to bringing financial peace of mind to communities, one person at a time. Whether a customer wants to grow their business, buy a home, or feel confident in their retirement plan, they have a partner in Ameris Bank. We serve customers in our locations across the Southeast, Mid-Atlantic and nationwide through our extensive digital offerings and mobile app.

Delivering financial peace of mind starts with a team that values integrity and rewards ingenuity. At Ameris, you’ll find teammates who are inclusive, collaborative problem-solvers who go the extra mile to support one another and to meet every customer’s needs. When teammates are empowered and bring their diverse perspectives to the table, we create the best possible outcomes for our customers. At Ameris, we know that a growth mindset is key for high performance and fosters an environment that prioritizes continuous improvement. Teammates have access to Employee Resource Groups that serve as advocates and allies as well as professional development opportunities to drive ongoing education. Learn more about our purpose and how you can bring it to life as an Ameris Bank teammate.

The Senior Cyber Security Engineer is responsible application security testing and consulting, vulnerability management, cyber security engineering & administration of designated cyber security systems and processes. Collaborates with Cyber Security and IT support staff and management to fulfill the role. Other duties as assigned.

Essential Functions, Duties, and Responsibilities:
• Leads Application Security Testing
• Leads Static Code Analysis, Dynamic Web Application security scanning
• Identifies cyber security technical and process areas for improvement and identifies and remediates security deficiencies, and reports findings to the Information Security team
• Azure, AWS security consulting
• Knowledgeable of offensive security testing techniques and tools
• IaC (infrastructure as code) security consulting
• Vulnerability Management consulting
• Provides guidance on application security through CICD process including static & dynamic analysis and produce secure coding best practices.
• Assist in selection, design, build, deployment and support of cyber security technology and processes
• Documents procedures to maintain and manage security controls, and maintains documentation for assigned security controls
• Review security changes for impacts to organization
• Help to establish security standards and procedures
• Adheres to Change Control processes and observes SLAs
• Assist with administering security policies, standards, and procedures
• Assist with Identification of compliance and vulnerability risks and facilitate remediation tasks
• Performs as senior expert to junior resources
• Maintain current and relevant knowledge of common host, network, and security protocols
• Identifies, researches, and resolves technical problems.
• Responds to requests for technical support.
• Documents, tracks, and monitors problems to ensure a timely resolution.
• Communicates with other departments to report and resolve infrastructure issues.
• Collects and analyzes data utilization information to provide improvements and efficiencies gains.
• Determines migration and upgrade impacts and diagnose/resolve complex technology/application errors
• Ensure relevant cyber security services and systems are achieve 24×7 service operation uptime.
• Assist in the process for vulnerability and patch management ensuring they are compatible with the company‘s business needs and strategic objectives
• Performs after hours activities as needed to support the environment and technologies

Required Knowledge, Skills and Competencies:
• Experience with source code management tools (on-prem and Cloud), Infrastructure as code & static code analysis technologies
• Experience with well-known vulnerability management technologies
• Must be very technical, hands-on, well-rounded in the information security space.
• Preference for experience with commercial enterprise security tools
• Experience operating commercial enterprise security tools in a mid-sized to large enterprise
• Advanced understanding of OS and Network security best practices and strategies.
• Red team or Blue team experience is a preferred skill set
• Vulnerability Management skills are preferred
• Analytical – Uses intuition and experience to complement data.
• Problem Solving – Identifies and resolves problems in a timely manner; Gathers and analyzes information skillfully; Develops alternative solutions.
• Customer Service – Responds promptly to customer needs.
• Oral Communication – Listens and gets clarification; Responds well to questions.
• Adaptability – Able to deal with frequent change, delays, or unexpected events.
• Dependability – Follows instructions, responds to management direction; Takes responsibility for own actions.
• Judgment – Exhibits sound and accurate judgment.
• Professionalism – Approaches others in a tactful manner; Reacts well under pressure; Treats others with respect and consideration regardless of their status or position.
• Security and Capacity management and process automation and improvement.
• Proficiency in scripting of packaged installation of patches, software and configuration changes.
• Strong understanding of Internet/IP related technologies and excellent understanding of network, system and application security.
• Ability to self-manage, prioritize multiple projects and meet deadlines.
• Experience with security automation tools preferred.
• Continuously evaluating, designing and implementing security solutions to improve the confidentiality, integrity and/or availability of the firm’s intellectual property and systems.
• In-depth knowledge of Windows and Linux security best practices.
• Partner with the internal team and business on forward-thinking security policies and procedures as needed
• Detailed understanding of multiple security domains: Network, Data, Identity, Application, Cloud, etc.
• Network concepts and advanced working skills with various network technologies.
• Proficient knowledge packet capture analysis and reporting (Expert knowledge preferred)

Industry and Work Experience:
• 6+ years of work experience in a hands-on technical role demonstrating expert knowledge in design and engineering of IT and cyber security systems.
• Mid-sized to large environment support experience preferred.
• Financial industry experience preferred.

Academic:
• High school diploma or GED required
• Bachelor’s degree preferred (Information Systems or related discipline) or relevant work experience; other relevant technical certifications are considered a positive

Disclaimer:

The above job description is meant to describe the general nature and level of work being performed; it is not intended to be construed as an exhaustive list of all responsibilities, duties, and skills required for the position.

All job requirements are subject to possible modification to reasonably accommodate individuals with disabilities. Some requirements may exclude individuals who pose a direct threat or significant risk to the health and safety of themselves or other employees.

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities

The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 41 CFR 60-1.35(c)