IT Security Engineer
About the Job
Callaway Golf Company is a leader in total performance, premium golf equipment and active lifestyle products while also being a great place to work! We are passionate and push the limits of innovation. We dare to be great while acting with integrity and respect. We stay hungry, yet humble. All while having fun and making golf enjoyable for everyone!
Our company is a blend of experience and diverse backgrounds, and our leaders have a strong history of building and selling successful initiatives. We are working to build a truly groundbreaking company, and we want top-notch people to join us in that mission.
This position is responsible for ensuring that the Company’s technology and data are secure from malicious attacks that may breach or expose the Company’s IT systems, employee information, or intellectual property. This position performs security engineering tasks including detection and analysis of cyber security threats, forensic investigations, network security design, vulnerability scans and remediation, and would assist in managing and carrying our IT security projects and initiatives.
ROLES AND RESPONSIBILITIES
- Understand company business processes and identify vulnerabilities, if any.
- Identify and classify our data in terms of compliance, privacy, and competitive IPs.
- Identify systems, devices, databases, and applications that store sensitive data.
- Design policies for systems and software development with the goal of protecting sensitive data.
- Create a secure infrastructure layer that isolates sensitive data from general access.
- Perform technical analysis of security logs to identify potential security threats before and after they occur and establish baseline security models.
- Perform regular vulnerability testing of systems, databases, and applications.
- Take proactive actions to mitigate findings of vulnerabilities scans.
- Works with external law enforcement, management, physical security, Human Resources, Legal, and Finance as necessary to provide technical expertise regarding information security events and incidents.
TECHNICAL COMPETENCIES (KNOWLEDGE, SKILLS, ABILITIES)
- In-depth knowledge and expertise in one or more security disciplines with emphasis on Vulnerability Management, Threat Monitoring, Data Loss Prevention, Identity and Access Management.
- Expert in at least one of the following programming languages (C, Java, or Python).
- Well versed in network security, security policies, cryptography, authentication, and secure communication protocols.
- Must be able to manage, configure, and maintain rules and policies on web application firewalls (WAFs) with a strong understanding of application data.
- Experience in installation and configuration of endpoint security tools such antivirus, configuration management and asset recognition.
- Knowledge of Firewalls, Iptables, Syslog, IDS/IPS, Web Security, Endpoint Protection, Forensic Investigation, etc.
- Ability to design and build enterprise monitoring capabilities.
- Expert knowledge of Security Information & Event Management systems (SIEMs) such as ArcSight or Splunk.
- Complete command on dealing with security systems, intrusion detection systems (IDS), intrusion prevention systems (IPS), firewalls, anti-virus software, log management, authentication systems, content filtering, etc.
- Strong awareness of current cyber security trends and hacking techniques.
EDUCATION AND EXPERIENCE
- Bachelor’s degree in Computer Science or equivalent work experience.
- Minimum 3 years of IT security experience. Infosec experience across a combination of Antivirus, IDS/IPS, Firewall, SIEM, FIM, Database monitoring technologies.
- Proven work experience as a network security engineer or information security engineer. Experience in using software / hardware / networking tools for White-Hat Hacking is a plus. Hands on Linux and Windows Administrator functions.
- Previous experience working in a highly regulated industry that collects personally identifiable information (PII).
- Experience developing security policies for cloud-based infrastructure (i.e. Azure, AWS, etc).
- Experience in network penetration testing would be a plus.
- Hands on experience integrating disparate tools - proficient in API calls to enable integration.
- Experience with Incident Response (IR), forensic, and “hunting” for security events.
- Security certifications, such as AWS Certified Solutions, PenTest+, OSCP,, would be a plus.
- CSSP, CCSP, CISSP, or similar certification required.
- SOX and PCI DSS 3.1 compliance experience a plus.