Sr. Security Engineer (Threat Modeler) - Long Term Project - Remote (US)

Location : Remote (US)

Duration : 12+ months Long Term Project

Compensation : $75.00-87.00 / hr

Work Requirements : US Citizen, GC Holders or Authorized to Work in the U.S.

Project :

EIS AppSec has implemented a baseline threat modeling program to satisfy minimum requirements. Strategic direction is to expand threat modeling beyond singular applications to environments, systems of systems, dataflows, workflows, and business processes. Enterprise-wide expansion is desired which will require threat modeling to be imbedded within DevSecOps and SDLC / CI-CD operations. Threat modeling should be applied as new tenants / systems / enclaves are planned to ensure compliance, security, and monitoring are in place as they are deployed.

This position will work with development teams to understand their project(s), analyze the proposed architecture for threat vectors, provide recommendations on how to securely deploy the technology, and provide reporting and metrics to measure the program's success. Threat modeling is currently executed using SD Elements.

Duties :

• Responsible for participating with the Information Security team to plan, develop, and execute vulnerability and policy compliance assessments.
• Configures enterprise vulnerability assessment tools, performs internal / external scans, analyzes detected vulnerabilities, identifies the relevant threats and eliminates false positives through manual validation.
• Generates reports on assessment findings and summarizes them to facilitate remediation tasks for other operational teams.
• Will create and updates procedures for the vulnerability and compliance assessment process, including procedures on using the assessment tool.
• Work with operation teams and stakeholders on building the asset inventory and grouping.
• Review and update security standards.
• Will create and maintain compliance controls based on company's security standards.

Qualifications :

• Skills required are current or previous experience with vulnerability and compliance process and assessment, administration preferred.
• Recent hands on experience with Policy Compliance product and building customized controls.
• Solid working experience and knowledge of
• mix operating systems (admin skill in Linux / AIX a plus).
• Knowledge of Windows networking, windows domains and active directory, GPOs and end-point security.
• Performed system hardening based on security standards.
• Ability to perform threat, vulnerability and risk assessments against environment.
• Experience in preparing reports and metrics on the status of completed assessments, progress of remediation actions and performance of the assessment tools.
• Knowledge in industry and government security standards (NIST, CIS, etc.).
• Familiarity with standard security best practices and vulnerability management processes including compliance reporting.
• Excellent verbal and written communication skills, as well as organization and presentation skills.
• 6-7 years of experience.

Our benefits package includes :

• Competitive pay
• and much more!

About INSPYR Solutions

Technology is our focus and quality is our commitment. As a national expert in delivering flexible technology and talent solutions, we strategically align industry and technical expertise with our clients' business objectives and cultural needs. Our solutions are tailored to each client and include a wide variety of professional services, project, and talent solutions. By always striving for excellence and focusing on the human aspect of our business, we work seamlessly with our talent and clients to match the right solutions to the right opportunities. Learn more about us at inspyrsolutions.com.

INSPYR Solutions provides Equal Employment Opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability, or genetics. In addition to federal law requirements, INSPYR Solutions complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities.