Position: Full-time + benefits
Salary: Competitive based on experience
Experience: 10+ years
Location: Dunwoody, GA
Visa Candidate Considered: No
Relocation Assistance: No
Notice: Candidates requiring C2C or candidates submitted by staffing firms will not be considered.
Our Promise To You
When you send your resume to Craftlogic, it does not go into a black hole. If you don't get a response in 3 business days, please let us know because we screwed up and we apologize. We offer several ways for you to contact us. 1) Schedule a call with a recruiter, 2) send us an email, 3) click the chat widget at the bottom left of the page to chat with one of our talent scouts in real-time. We respond to every resume we receive. That's our promise to you.
Our client has 20 years of payment processing experience providing simple and secure payment processing, which allows their clients to accept all forms of payment, get paid faster, and increase efficiency.
- Serves as a core member of the InfoSec group performing varying security duties including threat awareness, network analysis and incident response.
- Supports internal and external security regulatory compliance framework and audit processes.
- Collects and prepares documentation from various systems and collaborates with Information Technology and Business Departments in preparation for external regulator examinations and other audits.
- Tracks the status of Information Security exposures, and works with Information Technology and other stakeholders to remediate them.
- Performs limited IT Audit activities and testing of controls for critical applications.
- Support vulnerability scanning activities, interprets the results, and validates potential exposures. Experience with tools such as Nessus, Qualys, Burp Suite, NMAP, Metasploit and other similar tools.
- Works with day-to-day monitoring and alerting of Security Information and Event Management (SIEM) technologies.
- Helps with the creation of monthly metrics reports as directed by the Head of Architecture.
- Performs analysis of logs from various systems to identify unexpected or malicious activity.
- Reviews the privilege levels deviations based on Windows domain and application-specific roles.
- Performs system certification by reviewing servers and workstations against a baseline checklist to ensure only certified systems will be allowed to join the network.
- Supports the implementation of new Information Technology capabilities by participating in product evaluations, rollout plans, and system testing.
- Evaluates a wide range of data, including logs, SumaLogic data, Extra Hop, centralized syslog, authentication logs, and others to detect security incidents. Take timely action as appropriate: block problem traffic, send alerts and/or investigate when suspicious activity is detected.
- Works with Information Security management to develop and maintain security policies, practices and standards.
- Ensures full compliance with standards, policies, and procedures.
- Supports Information Security education and awareness program activities.
- Stays informed on trends and issues in the security industry, including current and emerging technologies.
- Performs other duties as assigned.
- Requires the ability to communicate effectively, both verbally and in writing, with individuals and groups.
- Proficient in spreadsheet and word-process applications.
Minimum Qualification Requirements
- Strong knowledge of secure coding practices.
- Auditing, penetration testing and forensics experience.
- Solid understanding of general cloud infrastructure security.
- 3+ years industry experience in AWS infrastructure engineering or related field.
- Experience securing AWS and its services such as EC2, Lambda, ELB, ECS, IAM, S3, RDS, CloudTrail, CloudFront, AWS Config, CloudFlare, etc.
- Experience in patch management and vulnerability scanning in AWS.
- Healthy problem solving and prioritization skills.
- Clear communicator and naturally curious - starting with excellent question-asking and listening skills.
- Familiarity with P2PE, PCI, PA-DSS, SOCII, HIPAA and GDPR compliance preferred.
- Demonstrated ability to drive incident management and breach response.
- Knowledge in PGP encryption
- Knowledge in HSM and Key management
- Fortify Code Security scanning server based and desktop based code review
- Bachelor’s degree in Management Information Systems, Computer Engineering, or Computer Science.
- 5 years of related experience in Information Security Operations or equivalent combination of education and experience.
- Requires experience operating or assessing IT components such as data centers, networks, server and workstation operating systems, infrastructure components, and databases.
- Nice To Have : Two of the following professional certifications or equivalent: SANS GIAC, CISSP, MCSE, CCNA, CEH, OSCP.
About Craftlogic Software
Craftlogic is a software development, outsourcing, consulting and IT staffing company. Craftlogic Software wants to bring back the craft in software development. Like the craftsmen of old, the motivating factor that drives our company is to have pride in our work, deliver solutions to our clients, and have our clients appreciate our effort.
Craftlogic offers you opportunities to work us and our clients on leading-edge projects with the compensation to match. We are owned and operated by technologists like you. We know the value of your skills and so do our clients.
Make some extra money! If you are not a fit for this opportunity but you know someone that is, then refer them to us and we'll pay you a referral fee. Our referral fees average $2,000 if the person you refer gets hired and stays on the job for 90 days. Ask us about our referral program.
View all of our open jobs.