Senior Security Engineer

About the job

ICON is looking for a Senior Security Engineer to support information security initiatives on ICON’s growing technology team. As the Senior Security Engineer at ICON, you will be responsible for solving a wide range of issues to improve the current and future security posture that we need to further ICON’s mission of making dignified housing accessible to everyone and advance humanity with our technology. This role is based at ICON’s Austin, TX lab and will report to the Director of Digital Infrastructure & Security on ICON’s Digital Infrastructure team.

Responsibilities

• Actively manage the implementation of a variety of platforms including SEIMs, IDS/IPS, firewalls, WAFs, anti-malware, EDR, Encryption, configuration management, vulnerability scanning, penetration testing, CASB, DLP, and more.
• Focus on security technologies (NGFW, WAF, NAC, remote access, SWG, DLP, CASB, IPS/IDS) and/or cloud security (securing public/private cloud resources).
• Build resilient security platforms/services with strong monitoring and alerting and encouraging automation for operational processes and orchestrating workflows.
• Participate in the creation of roadmaps for current security capabilities.
• Partner with the IT operations team, network engineering team, software team, and operations personnel within ICON to implement changes to process and technology.
• Analyze threats and current security controls to identify gaps in current defensive posture.
• Help develop communications and actively promote related campaigns for information security awareness; manages security awareness testing tools.
• Participate in rotating after hours on-call schedule.
• Keep current on organization’s business practice, technology, security issues and legislation that impact the company’s security policy.
• Maintain technical security documentation including the System Security Plan (SSP).
• Build out an industry-leading cybersecurity toolkit.

Minimum Qualifications

• 8+ years’ professional experience in security engineering or technical security consulting.
• Bachelor’s degree or equivalent work experience in a technical discipline related to Information Technology or Information Security.
• Expert-level working knowledge and deep understanding of cybersecurity as it relates to cloud implemented and cloud native technologies and securing public and private cloud resources.
• Hands-on experience with endpoint security technologies (EDR/XDR, SWG, DLP, CASB etc.)
• Hands-on experience with network security technologies (IPS/IDS, SIEM, NGFW, WAF, NAC, etc.)
• Hands-on experience with application and network vulnerability scanning tools (Nessus, Nmap, ZAP, etc.) and other pen testing tools (Kali, Metasploit, Wireshark, Burp, etc.)
• Experience with major cloud service providers (Azure, AWS, GCP).
• Hands-on experience with securing private cloud resources, vulnerability management, and incident handling.
• 3+ years’ experience with at least one scripting or programming language (Python, Go, Ruby, etc.)

Preferred Skills And Experience

• Certifications such as CISSP, GIAC (GCED, GCIH, GPEN, GCPN, GCSA, GCPS, GMON, GDSA, etc.), SSCP, CEH, CCSP or other industry certifications customarily held by security professionals.
• Computer and network forensics experience.
• Industrial Control Systems (ICS) security experience.
• GRC experience.

ICON is an equal opportunity employer committed to fostering an innovative, inclusive, and discrimination-free work environment. Employment with ICON is based on merit, competence, and qualifications. We provide employment opportunities without regard to age, race, color, national origin, religion, disability, sex (including pregnancy, sexual orientation, or gender identity), genetic trait, veteran status, or any other protected characteristic in accordance with applicable law. If there are accommodations we can make to help ensure you have a comfortable and positive interview experience, please let us know.

Headhunters and recruitment agencies may not submit candidates through this application. ICON does not accept unsolicited headhunter and agency submissions for candidates and will not pay fees to any third-party agency without a prior agreement with ICON.