Job Opening For Sr. IT Security Engineer in Esurance Company.
Esurance’s IT Team is seeking a Sr. Security Engineer as a member of its IT Security team to bolster and maintain the security posture of Esurance applications, services and infrastructure in order to protect against security threats including intrusions, malware, system-level breaches, unauthorized access, insider attacks and loss of proprietary information.
Location: San Francisco, CA
This individual is expected to be available for off-hour support as part of an on-call rotation and to travel within the continental Unites States as needed.
- Proactively work with IT and business to identify security risks and implement practices that meet standards for information security.
- Security Architecture - Architect security solutions and technically lead their implementation from end to end
- Security Incident Response - Oversee threat management and security incident handling, including the coordination of investigations and reporting of security incidents to management, in alignment with business needs and regulatory requirements
- Implementation of Security Controls – Design and implement controls to meet Esurance security and compliance needs
- Log Review - Review consolidated system logs and other audit trails on a regular basis for indications of attacks.
- Vulnerability Management – Work with Esurance development and infrastructure teams to identify and remediate application- and infrastructure-related vulnerabilities
- Security Expertise – Serve as a resource cross-functionally to share security insight and best practices with teams across the company
- Security Governance - Develop Information Security Policies, Standards, Procedures and best practices to support Esurance’s security control framework
- Security Due Diligence - Ensure that security is factored into the evaluation, selection, and configuration of hardware, applications and software
- Security Assessments - Conduct third party security assessments as required
- Compliance - Ensure compliance to Esurance control framework and best practices through continuous monitoring and gap analysis. Provide support and guidance for legal and regulatory compliance efforts, including audit support
- Security Awareness - Promotes information security awareness throughout the company. Develop information security as a core competency throughout the company
- Security Monitoring - Ensure audit trails, systems logs and other monitoring data sources are reviewed periodically and are in compliance with policies and audit requirements
- Evolution and Skill Enhancement - Stay current with security technologies and threats by monitoring vendor and industry publications and attending training
Desired Skills and Experience
- Security engineering experience, including experience implementing encryption, intrusion detection, network security, multiple operating systems (Windows, Linux, etc.), directory services (Active Directory, LDAP), Virtualization Security, Security Information and Event Management (SIEM) tools and log management, web application and network vulnerability scanning, etc.
- Experience with Network Security technologies including Firewalls, IDS/IPS system, cryptographic systems, identity management systems, RADIUS, and TACACS
- Ability to work independently as well as a member of a team
- Ability to articulate security issues in terms of business risk
- Analytical skill, technical knowledge and practical application of information security at a business and technical level
- Experience in the Financial Services industry and solid understating of ISO 27001, SOX and Payment Card Industry (PCI) Data Security Standards (PCI DSS) as well as experience in the implementation of controls to mitigate PCI issues
- CISSP certification is highly desirable
Experience / Education:
- Bachelor's degree (B.S.) in Computer Science or equivalent job experience
- Minimum 5 years experience implementing security solutions and processes
- Minimum 5 years experience with Network Security technologies
Esurance, a member of the Allstate family, offers car insurance directly to consumers online or over the phone. Founded in 1999, we’ve grown from a handful of employees in a tiny office to 15 offices nationwide — and we’re still growing. Of course, we’re always looking for interested and motivated people to join our team.