Location: Salt Lake City, UT
The Security Engineer position supports the Security Engineering team under the Trust Office. The Securing Engineering team focuses on systems security engineering, systems security requirements, systems security architecture, and systems security solution implementation. Provide expertise in developing, coordinating, and ensuring the continuous delivery of enterprise level security engineering solutions. Develop and architect data processing software to functionally align intrusion detection systems/intrusion prevention systems, endpoint detection and response (EDR), cybersecurity software, and security incident and event monitoring (SIEM) software to provision enterprise cybersecurity visibility.
Develop, automate, and sustain security software to reduce malicious network and application attacks. Collaborate with multiple engineering teams across the company to plan, engineer, test, deploy, and maintain tailored cybersecurity software within a secure software development lifecycle (SDLC). Develop technical solutions and new cybersecurity tools, configure and troubleshoot cybersecurity infrastructure systems, and implement and monitor security measures to help mitigate infrastructure and application vulnerabilities and automate repeatable software logic.
This role is responsible for developing, deploying, and sustaining cybersecurity software and working with the Security Engineering team to deliver tailored software in an effort to reduce the company's attack surface and enterprise vulnerabilities.As a Security Engineer, a Typical Day Might Include the Following:
To Land This Gig You'll Need:
- Assess logical and physical network architecture to analyze and ensure cybersecurity controls exists throughout enterprise data-flow schematics.
- Facilitate effective design, development and delivery of technical security solutions that consistently meet industry standards and user requirements.
- Determine, document, and enforce methods for complying with secure software development/SDLC practices (open technology requirements, safety and security, information assurance, metrics tracking, change and configuration management release plans, etc.).
- Build internal applications and procure tools to discover, evaluate and mitigate security vulnerabilities during development and in production.
- Perform deep analysis of systems to understand limitations and weaknesses to identify cybersecurity challenges.
- Develop and implement security software within cloud environments to ensure applicable industry and regulatory standards are adhered to.
- Conducting dynamic web application security testing and static/interactive code analysis, both manual testing and utilizing application security tools to discover exploitable vulnerabilities.
- Specialize in building and administering security devices such as network switches, firewalls, web proxies, data loss prevention systems, intrusion prevention systems, SIEM and EDR systems.
- Actively monitor and address security systems' performance issues with experience writing plugins and running queries for monitoring tools
- Maintain the highest level of personal certification, integrity and objectivity, following the company Code of Ethics and Nice inContact policies and procedures at all times.
- Associate degree in Computer Science, Electrical Engineering, Business Information Systems, Information Systems Security or related field or equivalent work experience required.
- 5+ years of hands-on experience in software engineering and cybersecurity software operations such as vulnerability scanners, penetration testing toolkits, intrusion prevention systems, and firewalls
- 2+years of designing, architecting, and implementing security controls and securing enterprise-wide systems, applications, network and infrastructure services.
- Strong understanding of, and experience with, the full-range of cybersecurity disciplines. This includes:
- Access control
- Systems hardening
- Threat modeling
- Vulnerability management
- Risk management
- Experience with development and implementation of vulnerability remediation strategies, configuration and execution of vulnerability and web application scans, and the automating of server configuration for security including logging, key changes, and system hardening.
- Experience with, and strong knowledge of, modern systems engineering tools, architecture, technologies and best practices
- Extensive experience programming in Python, Angular, C#, .NET, PHP, or similar scripting languages
- Knowledge of web application security principles and experience securing modern, large-scale web environments
- An in-depth knowledge of Windows and Linux server platforms, system patching and remediation, active directory and cybersecurity concepts is required.
- Experience with customer identity, security and data privacy, and standards and technical protocol implementations are critical
- Excellent communication skills, both written and oral
ABOUT NICE inContact:
- Certifications in information security or related field (one or more preferred):
- AWS Certified Developer
- Certified DevSecOps Engineer
- 2+ years of working with design and implementation of systems and applications with Amazon Web Services
- Experience working with engineering teams in multiple geographic locations.
- Extensive experience engineering applications within cloud/elastic environments
- Working knowledge of runtime application self-protection and security automation controls within the SDLC
NICE inContact makes it easy and affordable for organizations around the globe to provide exceptional customer experiences while meeting key business metrics. NICE inContact provides the world’s #1 cloud customer experience platform, NICE inContact CXone™, combining best-in-class Omnichannel Routing, Workforce Optimization, Analytics, Automation and Artificial Intelligence on an Open Cloud Foundation. NICE inContact is a part of NICE (Nasdaq: NICE), the worldwide leading provider of both cloud and on-premises enterprise software solutions.