Principal Security Engineer – Offensive & Defensive Permanent

If you class yourself as extremely technical and possess deep knowledge of both defensive and offensive security, I would highly encourage you to apply and start a conversation with me. You honestly won’t want to miss out on this opportunity.

Our client is based in Manhattan and sits as one of the leaders when it comes to financial trading. The mission is to expand their engineering capability across the firm and you will become second in command below the CISO. This means you will be very technical, be an excellent communicator and be able to mentor, however, this is a single contributor position with no hands-on management. They are only a couple of years into their security journey and still somewhat greenfield.

I personally see this role split into the following areas:

Tool deployment

You must have hands on and clear experience deploying security tools with experience across intrusion detection as well as:

• VPN
• SIEM
• EDR deployment

it’s very important you can demonstrate that you have deployed from start to finish and understand the tool lifecycle for tool deployment.

Scripting

Everyone at the firm scripts, especially when it comes to automation and building tools. As an important part of the role you must be fluent in one language, Python, Bash, Java etc. If you have a GitHub page my client would be extremely interested to see it, however it’s not essential to have for the role. They are keen to get a better understanding of the tools you have built.

Incident Response

You need to show that you have been involved in Incident Response campaigns that started with phishing and progressed to social engineering to achieve the end goal. As you can imagine, my client is looking for someone who understands what it’s like to go through a stressful situation.

Penetration Testing & Red Team

You will be involved in pentest and Red Team exercises, so it’s important that you are very familiar with Red Team engagements. The ideal candidate would be someone who participates in pentesting and Red Team exercises on a regular basis, however if you have only managed these situations it’s also fine. Other team members can run tests but you would complement them nicely if you could do them also.

Communication

Working in an organization with strong engineering teams and senior stakeholders, it’s very important you know how to conduct and communicate with different audiences and different levels of technical expertise.

In conclusion, if you are deeply technical and experienced security engineer looking to play a significant part if expanding and increasing a firms engineering capability, this is for you.

Although based in NYC they will be operating an office and remote hybrid model

Please get in touch and we will be happy to share the full details and discuss the opportunity at length.