Proxy Security Engineer
Proxy Security Engineer
The successful candidate will be a subject matter expert with hands-on experience in a wide range of security technologies, tools and methodologies. The role is suited for an experienced Proxy Engineer with proven understanding of Proxy technologies; Bluecoat ProxySG Appliance experience preferred.
Moderate to Advanced proxy experience required including engineering of flows via proxy and cli access for troubleshooting. This role will help engineer, automate, implement, and operate proxy technologies across the entire technology stack to support the Information Security Program (ISP).
The team fosters a collaborative environment and is building a best in class program to partner with the business to protect the Firm's information and computer systems. Millennium is a complex and robust technical environment and securing the Firm from external and internal threats is a top priority. Principal Responsibilities
- Deploy Blue Coat product solutions throughout the enterprise and function as the primary Blue Coat and proxy SME on the information security team.
- Leads assessment, design and technical implementation activities related to the Blue Coat product platforms
- Ability to configure policy rules, authentication, and ICAP options; ensure logging and reporting requirements are met
- Assist in troubleshooting and problem solving a variety of security-related network and proxy issues
- Design and implement Blue Coat capacity plans
- Assist Blue Coat customer support in managing and solving critical customer escalations
- Analyze and evaluate anomalous network and system activity
- Defines, creates, and maintains proxy policies and configurations.
- Optimizes proxy solutions.
- Lead, implement and manage key monitors for proxy security controls to ensure appropriate security posture and health across the perimeter networks.
- Able to demonstrate clear understanding of current risks and threats to Proxy infrastructure and perimeter at technical and managerial levels.
- Leverage collected Intelligence to improve success in defending Millennium against and responding to future attacks or intrusions.
- Manage remediation efforts for any gaps reported in audits, penetration tests or recommended process improvements.
- Provide support to ensure smooth turnover from Engineering to Production - and provide mentoring to junior level security professionals.
- Develop and maintain documentation of all Proxy Security products including specific tools, technologies and processes.
- Participate in Information Security Incident Response activities for the Firm's environment.
- Bachelor's degree in Computer Science or Engineering preferred. Experience in a variety of cyber security technologies, especially Symantec's BlueCoat Proxy products. 5 + years' experience working in a technical role with a minimum of 3 + years' experience focusing on information security in the financial industry (preferred).
- Proficient in the architecture, design and deployment of these BlueCoat Product solutions: Advance Secure Gateway (ASG/SG) Proxies, Management Center Reporter, and Web Security Services
- Knowledge of Proxy deployment security, lifecycle and operations practices.
- Understanding of various proxy authentication methods with relation to a domain environment
- Knowledge of authentication technologies (including NTLM, Kerberos, and SAML)
- Experience working in DMZ environments with good understanding of hardware load-balancing, firewalls, multi-tiered architectures. F5 experience a benefit.
- Experience operating in large, multiple data center enterprise environments
- Moderate cloud security experience across at least a couple of the more cloud providers (Azure, O365, AWS, etc.)
- Good understanding of the protocols underpinning the web - TCP/IP, HTTP, SSL/TLS etc... Ideal candidate would be able to intelligently dissect all 7 layers of the OSI stack and has strong knowledge of infrastructure such as DNS, Wi-Fi, PKI and others
- Experience leading root cause analysis and troubleshooting effort for production deployment.
- Experience documenting migration process, test, and validation criteria.
- Development, and scripting skills a huge plus (Python, Powershell, shell scripting, other)
- Hands-on CASB design, architecture and deployment (Sky-high, Symantec CloudSOC etc.) a plus
- Knowledge of technologies such as SIEM platforms (Qradar, Splunk, ELK), Cloud Services (AWS, GCP or Azure) and in routing protocols (BGP, EIGRP, OSPF) a plus.
- Possess a passion for Information Security and Networking.
- Able to prioritize in a fast moving, high pressure, constantly changing environment; high sense of urgency
- Strong verbal and written communication
- Effective inter-team communication to efficiently achieve organizational IT goals and performance benchmarks in a timely manner
- At least one security certification (CISSP, GCIA, CISM, etc.)