The IT Security Engineer will be sought out as a technical expert. The successful candidate be a product owner on a security team and will be a knowledgeable, hands-on technical specialist that will develop policy, perform incident handling, and provide System Development consulting to the development teams. The candidate will also be responsible for application security policy development and maintenance; monitoring compliance with corporate Information Security policy and applicable regulatory requirements. Working with the application development teams, the IT Security Engineer will monitor, assess, and fine-tune the WAF policies through incident monitoring and analysis, as well as tracking remediation of system/application vulnerability assessment scan findings and 3rd party risk assessment reviews, as required.
Provide support and engineering of the Web Application Firewall policies
Engineer and Architect solutions using WAF or other security products. Develops and maintains WAF security design documentation.
Work with internal delivery teams to integrate applications with WAF policies
Provide accurate and timely reporting on all project deliverables
Recommends secure and effective solutions for system/application development in compliance with Information Security processes and concepts for applicable systems and software.
Understands business objectives and provides direction based on best practices, risk, Corporate Policy, and association and regulatory guidelines.
Manages large scale, highly technical projects; display solid and effective project management skills
Leads enterprise-wide definition, establishment and maintenance of data security-related infrastructure, applications and processes
Good communication skills with engineers and senior management, both orally and written
Conduct security reviews of core security infrastructure & online applications
Candidate will be expected to participate in 24/7 On-Call rotation
Mentors on assessing and disseminating threats related to the enterprise in regard to current vulnerability, on managing and developing an emerging threat model.
Assist with comprehensive investigation of security issues by analyzing security log data, interpreting data in support of security event management process from various data feeds and triaging on a wide variety of security events.
Consults on incident handling process which includes implementation of containment, protection and remediation activities. Manage WAF Incidents and work with development teams to resolve application issues identified by WAF incidents
Reviews circumstances surrounding data security incidents and designs corrective actions. Documents security policies and procedures
Mentors on new and emerging threats that can affect the organization’s information assets, researches the third party software/solutions, IT configuration changes (including access control requests), and network/system architecture from risk perspective, and provides appropriate direction.
Work on problems of diverse scope where analysis of situation requires evaluation and judgment. Provide 3rd level support for complex issues and problems.
Produce service levels consistent with current business needs and future requirements.
Ensure the control, reliability, performance, and security of all distributed platforms.
Establish standards and guidelines.
Elicits requirements, design, develop, and implement application security solutions with guidance from other Security Engineers and application developers
*** ENGLISH PROFICIENT ASSESSMENT WILL BE REQUIRED AFTER APPLICATION ***
Bachelor’s or equivalent Degree in Computer Science or a related engineering field
3+ years of technical experience in Information Security or Application Security
2+ years of direct work experience with designing, implementing, and monitoring policy for Web Application Firewalls
Thorough understanding of fundamental security and network concepts (Operating systems, SQL Injection, Watercooler Attacks, TCP/IP, SSL Certificates, ports, etc.)
The ability and willingness to participate in a rotational 24x7 On-Call support
Bilingual proficiency in English & Spanish
Experience in Azure environment, or FortiWEB WAF
Experience with secure coding practices
Development experience in one or more of the following: .NET, C+, Python, PS, Bash, or Java
Previous experience working with network tools and technologies such as firewall (FW), proxies, IPS/IDS devices, full packet capture (FPC), and email platforms
Working knowledge of Agile development lifecycle and CA Agile Central
Careers with Optum. Here's the idea. We built an entire organization around one giant objective; make the health system work better for everyone. So when it comes to how we use the world's large accumulation of health-related information, or guide health and lifestyle choices or manage pharmacy benefits for millions, our first goal is to leap beyond the status quo and uncover new ways to serve. Optum, part of the UnitedHealth Group family of businesses, brings together some of the greatest minds and most advanced ideas on where health care has to go in order to reach its fullest potential. For you, that means working on high performance teams against sophisticated challenges that matter. Optum, incredible ideas in one incredible company and a singular opportunity to do your life's best work.(sm)
Diversity creates a healthier atmosphere: UnitedHealth Group is an Equal Employment Opportunity/Affirmative Action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, national origin, protected veteran status, disability status, sexual orientation, gender identity or expression, marital status, genetic information, or any other characteristic protected by law.
UnitedHealth Group is a drug-free workplace. Candidates are required to pass a drug test before beginning employment.
Business &Technology Integration San Juan, PR
First Banks, Inc. Puerto Rico
LOCKHEED MARTIN CORPORATION Aguadilla, PR
Banco Popular de Puerto Rico San Juan, PR
INGELLICOM San Juan, PR