Intel Information Security Engineer in Phoenix, Arizona
The Application Security Engineer is responsible for defining and driving Intel's corporate-wide application security compliance. Is also a technical expert responsible for providing server/infrastructure engineering support, application/systems support, analyzing software designs and implementations from a security perspective, working to identify and resolve security issues both directly and in partnership with vendors and development teams. You will both develop and leverage appropriate security analysis, defenses, and countermeasures at each phase of the software development lifecycle in an Agile CI/CD environment.
With a focus on both internal and external facing systems, the Application Security Engineer envisions, designs, specifies, implements and monitors those controls that integrate with our development pipelines to secure code and application releases. Will also foster automated integration and interoperability across multiple vendors' security appliances; this integration is not just between those appliances that are deployed within Intel production systems, but also between those internal devices connected to outside parties.
As an Application Security Engineer your responsibilities will include but not be limited to:
Delivery, support and product life-cycle management of enterprise scale security controls/tools.
Own the deployment across all Information Security Solutions providing preventive and detective controls for the successful operation and performance monitoring visibility into our Key Cyber Terrain solutions securing Intel.
Be part of an Agile Scrum Delivery Team and be expected to provide DevOps support to this solution.
Install new software releases, system upgrades, patches and resolve software/system related problems.
Oversee the implementation of network and computer security and ensure compliance with corporate cyber-security policies and procedures.
Verify integrations that are out of the box as well as custom.
Validate vendor provided content for product releases and confirm custom content compatibility.
Testing of base and custom product functionality.
Troubleshooting of identified issues.
Implement software fixes (patches) to remove system vulnerabilities.
Perform security assessments of applications and systems using penetration and vulnerability testing and risk analysis.
Respond immediately to cyber security related incidents and provide a thorough post-event analysis.
The ideal candidate should exhibit the following behavioral skills:
Critical thinking and analytical skills: using logic and reasoning to identify the strengths and weaknesses of alternative solutions, conclusions or approaches to problems.
Active listening: give full attention to what other people are saying and take time to understand the points being made.
Strong communication skills: communicate effectively in writing and in conversation as appropriate for the needs of the audience. Skilled at communicating and prioritizing threats and vulnerabilities to a diverse audience and confidently express and assist with proper remediation methods.
Work in a dynamic and team-oriented environment.
You must possess the below minimum qualifications to be initially considered for this position. Preferred qualifications are in addition to the minimum requirements and are considered a plus factor in identifying top candidates.
- Bachelor's Degree in Computer Science, Computer Engineering, Information Systems, Cyber/Information Security or any other related field.
3+ years of experience in the following:
Practical security experience with an emphasis on engineering and application support/development.
Linux administration (i.e. installing, configuring and troubleshooting in Linux environment).
Script writing for automation and integration (e.g. Python, PowerShell, Ansible).
Fundamental understanding of application/systems support.
Experience supporting web servers (e.g., Apache).
Understanding of secure software development principles.
Experience working with APIs (including data integration (e.g. Kafka, Denodo).
Working knowledge of enterprise computing environments, including application architectures, network and application protocols and database reporting.
Familiarity with SQL databases (e.g., Postgres).
Experience with monitoring tools (e.g., New Relic, Splunk ITSI).
Experience with Security Information Event Management (SIEM) tuning and reporting.
Familiarity working with the following: SSO, LDAP, PAM and other basic Linux authentication integrations, Django, Gitlab or other code management/version control platforms, Cloud Platforms (AWS, Azure, etc.), Docker and/or Kubernetes, Application.
Lifecycle Management tools, Application Security Testing tools.
Solid understanding of Vulnerability Management, including an understanding of the process and activities required in vulnerability scanning, identification and re porting through to vulnerability remediation.
Knowledge of frameworks, standards and best practices (i.e. NIST, OWASP, PCI, ISO, COBIT).
Security industry certifications such as GSEC or CISSP.
This position is not eligible for Intel immigration sponsorship.
Inside this Business Group
Intel's Information Technology Group (IT) designs, deploys and supports the information technology architecture and hardware/software applications for Intel. This includes the LAN, WAN, telephony, data centers, client PCs, backup and restore, and enterprise applications. IT is also responsible for e-Commerce development, data hosting and delivery of Web content and services.
US, California, Folsom
All qualified applicants will receive consideration for employment without regard to race, color, religion, religious creed, sex, national origin, ancestry, age, physical or mental disability, medical condition, genetic information, military and veteran status, marital status, pregnancy, gender, gender expression, gender identity, sexual orientation, or any other characteristic protected by local law, regulation, or ordinance.