IT Security Engineer

About the job

 

 

Berkley Technology Services (BTS) is a dynamic company committed to providing world-class IT services. We offer a unique culture, enabling our team members to be on the cutting edge of technology while delivering high-quality solutions. We are looking for outstanding individuals who will bring unique perspectives, insight and innovation to our teams. BTS, a member company of W. R. Berkley Corporation, has facilities located in Des Moines, Iowa and Wilmington, Delaware. Our functions include working with various third parties to develop, integrate, and support insurance systems of WRBC’s operating units. BTS strives to provide these functions in a holistic manner including helpdesk support, system connectivity, and operational support. Additional responsibilities include coordinating communications regarding best practices in the use of our supported systems and researching new technology. At BTS, there are opportunities associated with being a part of an established and empowering corporation while maintaining a positive personal working environment. Additionally, we provide a competitive compensation and benefits package including a casual dress code. BTS is constantly growing and expanding to meet the changing demands of one of the most successful insurance organizations in the world. Visit us at berkley-bts.com to learn more.

 

The information security analyst will work as an integral component of the company’s Application Security team. The incumbent will focus on application penetration tests, automated ethical hacking, and static source code analysis within the SDLC. The candidate will be accountable for establishing consensus with stakeholders to reduce cyber risks while minimizing broader operational impact.

  • Drive development of a holistic application security program.
  • Conduct manual ethical hack assessments of high-risk web applications.
  • Rate the severity of defects and publish comprehensive reports detailing associated risks and mitigations.
  • Support broader vulnerability management processes to measure exploitability of vulnerabilities more precisely.
  • Reduce the cost of vulnerability remediation by identifying defects early within the development lifecycle.
  • Good understanding of security processes, procedures, & tools.
  • Capable of performing security reviews of general-purpose operating systems and network devices.
  • Ability to work in teams to improve security posture.
  • Clearly organize workload to be able to project-manage remediation activities.

 

Education Requirement

  • Bachelor’s Degree in Computer Science or related field with 6-10 years’ experience in application security.
  • Security+, CISA, GSEC or similar certification considered; however, not required.

 

  • Proven understanding of OWASP Top 10 vulnerabilities.
  • Good grasp of popular CMS frameworks and best practices.
  • Strong coding background with the ability to write scripts when needed.
  • Granular knowledge of HTTP request building/fuzzing and the ability to analyze traffic in a local proxy.
  • Strong understanding of XML, SOAP, and AJAX.
  • Ability to fully document vulnerabilities found within applications.
  • Set up demonstration meetings with developers to understand the flow of applications.
  • Set up remediation meetings and vulnerability tracking before applications go into production.
  • Integrate developers with the SDLC process utilizing dynamic and static code review processes.
  • Proficiency in Linux (Kali) and the Metasploit framework and with common Kali standard tools such as nikto, dirbuster, sqlmap, nmap, etc.
  • Knowledge of defect tracking tools such as Jira.
  • Ability to work with metrics to help analyze and prioritize vulnerabilities for remediation.
  • Work on process and procedure to create repeatable and consistent processes and documentation around management of vulnerabilities.
  • Strong written and oral communication skills in order to define business and technical parameters and lead team to meet business requirements.
  • Excellent organizational and project management skills.
  • Proven ability to work well in a deadline-oriented environment.
  • In-depth knowledge and experience with triage and investigation of vulnerability data.
  • Proven stakeholder management at technical and executive levels is a must.
  • Ability to work with regulatory, legal and security best practices including General Data Protection Regulation (GDPR), NYS DFS 23 NYCRR Part 500, Sarbanes-Oxley (SOX), ISO 27001/27002.
  • Knowledge of and experience with program and project management is a strong benefit.
  • Proven ability to prioritize workload, work effectively on concurrent tasks, and be able to meet project deadlines.
  • Insurance and/or financial experience is desired, preferably within the commercial property and casualty lines.
  • Strong computer skills, including Microsoft Word and Excel.
  • Strong technical and analytic aptitude.
  • Excellent organizational and planning skills.
  • Highly organized and detail-oriented – able to function under pressure, troubleshoot, establish structure where necessary and prioritize between competing activities.
  • Approachable and outgoing with excellent verbal and written communication skills.
  • Takes ownership and maintains accountability.
  • Proven self-starter with energy, passion and drive.
  • This role will suit a candidate with experience working for smaller organizations where they have been highly visible to the business and where initiative and proactivity are key.
  • Emotional intelligence and ability to get on with people and to get the best from them.
  • Travel expected – minimal
