Info Security Engineer 2

Job Duties:

1. Planning, assessing, and deploying new VM technologies, such as Tenable (vulnerability scanning engines) and Wiz (cloud security vulnerability management).
2. Learn, serve, and maintain knowledge of/as VM Subject Matter Expert (SME), especially for infrastructure.
3. Assist internal and external partners with integrations of security technologies and provide guidance on best practices.
4. Mentor Interns and Junior Security Engineers (Professional development).
5. Identify, document, and prioritize fixes for security gaps across the Copart environment, providing recommendations to remediate/address, wherever possible.
6. Conduct security assessments of existing infrastructure (on-prem and cloud).
7. Be willing to learn new cybersecurity technologies (Certifications, self-study, conferences, participating in the security community, etc.).
8. Propose & present security risks to management and help design solutions.

Requirements:

• 3+ years of experience in Cyber Security Engineering or similar position.
• Required: Knowledge about Cyber Security technologies/concepts such as Systems, Infrastructure, Vulnerability Management, Scripting.
• Working knowledge of various security standards and compliances such as NIST, CIS, GDPR, PCI-DSS.
• Basic understanding of networking protocols and their functionality.
• Hands-on experience with all phases of Security tools deployment such as initial assessment, planning, designing, deployment, ongoing management, etc.
• Coding/automation/scripting knowledge highly desired (Python, PowerShell, etc.).
• Great communication & presentation skills; ability to explain complex technical issues to a non-technical audience.
• Previous experience with infrastructure technologies such as Active Directory, Server Management, O365, Endpoint management, Network management, etc. is a plus. Security Orchestration, Automation and Response (SOAR) experience desired.
• Previous experience working with cloud technologies (from a security perspective) such as AWS, Azure, GCP is a plus.
• Knowledge/Experience of other Cyber Security fields such as Incident Response, Threat Intelligence, Risk and Compliance, etc. is a plus.
• Knowledge/Experience with AdvancedVM use-case development is a plus.
• Knowledge/Experience with developing/conducting security audits is a plus.
• Knowledge/Experience with integrating AdvancedVM & SIEM is a plus.