Information Security Engineer

Essential Duties and Responsibilities:Working with security tools and API integration work including writing scripts and development of automation around detection and remediation activities.Given the growing nature of the organization, you will work closely with other internal and external groups and may also assist in other security activities as necessary in response to assessments and/or audits.Implementing and operating vulnerability management and security log collection and monitoring tools, analyzing data from those tools and providing recommendations for security improvements to existing processes and technology, and participating in and leading incident response efforts.Identification and remediation of OS and network security weaknesses and vulnerabilitiesRespond to internal and/or external reports, events, and incidents (e.g. scanning, hacking, phishing)Qualifications: Bachelor’s in computer science (or equivalent) degreesMinimum of 5+ years of documented information security work experienceAt least 5+ years of system/network security experience, including threat modeling, threat assessments, risk identification techniques, penetration testingDetailed knowledge of network and Web related protocols (e.g., TCP/IP, IPSec, HTTP, SSL, routing protocols)Atalla HSM experience (knowledge of transaction encryption) and Imperva, SecureSphere, WAF, and DB experience.Experience with planning, deployment, and operation of large enterprise security management tools such as IDS/IPS (network and host), advanced anti-malware (network and endpoint), DLP, encryption, anti-virus, firewalls, identity management, NAC, MDM etc.Demonstrated experience with malware remediation.Experience in one or more technical forensic toolsExperience with Splunk from systems deployment and endpoint configuration to log analysis and interpretation.Ability to identify signs of intrusion or infection on a variety of systems.Expertise in administration of enterprise OS’sAbility to move seamlessly between a hacker / attacker mindset and a security engineer / defender mindsetHands on experience with Nmap, vulnerability scanners, ZAP, Kali, MetaSploit, Wireshark, Kismet, Aircrack-ngPenetration testing experienceApplication and database security experience, including code reviewsNetwork and security engineering experience, including log and network traffic capture analysisIT security certifications (SANS GIAC, CISSP, CCNA Security, CCNP Security, RHCSA or RHCE, MCP or MCSE ) are a plusExperience with advanced malware technologies is a plus.MerchantE does not provide visa sponsorship for this position. Candidates must be legally authorized to work in the United States without current or future sponsorship.