Based out of our Greensboro, NC office, Raleigh, NC office, or remote, the Information Security Engineer will play a key role on the Information Security team. This position will be primarily responsible for integrating security into various DevOps teams across the globe. This person will help design and integrate security testing into the various CI/CD pipelines.
This Information Security Engineer will also assess information security controls on both internal and external systems, including legacy and new emerging technologies. They will work on ongoing security operations activities, such as incident response, logging/monitoring support, network vulnerability scanning, application scanning, configuration reviews, intrusion detection and response, and configuration and maintenance of various security controls, both on premises and on cloud infrastructure. The individual will need to recommend mitigation strategies based on expertise and analytical skill, and will also assist in creating and revising information security standards and policies, as well as creating and producing applicable metrics.
Experience working in a DevOps environment is required.
Working closely with the Chief Information Security Officer and the IT Security and Compliance organization, the successful candidate will be responsible for performing the following activities:
- Drive the automation of security controls into the Continuous Integration and Continuous Deployment (CI/CD) pipeline across the organization
- Assist with the design of security controls across a wide variety of infrastructures and risk tolerances
- Conduct, support, and/or analyze results from static and dynamic code analysis
- Support the Operations Leaders and work with the Security Compliance team in the execution of the Security Compliance Program by obtaining and analyzing data and information required for decisions in planning, scoping, risk-assessing the review and/or conducting assigned testing
- Apply professional standards and responsible business judgement for the effective, timely execution of assigned tasks and team responsibilities
- Support the ongoing penetration testing activities of the global organization
- Understand the nature and dynamics of systems, products, and operations in order to analyze and determine inherent risks and exposures; conduct analysis of risks and business impacts
- Work with Arch and its business partner entities to develop cost-effective action plans to improve the control environment and operating effectiveness while maintaining our security posture
- Ensure that staff work is completed to the highest professional standards and that the activities subject to review comply with Arch’s business ethics
- Execute duties in a participative team environment with effective consideration of time, expense budgets, and project/review deadlines
- Develop security procedures, supporting tools, and reports to evaluate risks and controls
- Contribute to improving Information Security effectiveness and efficiency and to meeting our customer needs by identifying and implementing improvements
- Perform gap analysis and make recommendations for creating enterprise-wide, process-level methods to close gaps
- Minimum 4 years' combined experience in IT Software and Infrastructure, networking or security
- Minimum 1 year in a DevOps environment
- Working knowledge and understanding of a wide variety of technologies such as CI/CD pipelines, Jenkins, Docker, Kubernetes, OpenShift
- Experience in management and definition of security in Agile and/or DevOps development methodologies
- Demonstrated knowledge of recognized IT Security-related standards and technologies
- Solid understanding of and ability to speak authoritatively to security principles such as authentication/authorization, access control, and forensic analysis
- Experience with Automation in testing or orchestration
- Critical thinking, initiative, and communication skills are required
- Experience assessing controls in banking or other financial services companies
- Demonstrated interpersonal, analytical, organizational, written and verbal communication skills
- Ability to communicate to all levels of an organization
- Degree in Computer Science, Information Technology or equivalent field of study is preferred
- Training/certifications (OSCP, CSSLP, GWAPT, CISSP, CISA) in Information Security-specific disciplines are highly desirable
Arch Capital Group Ltd. is a Bermuda-based company which provides insurance, reinsurance and mortgage insurance on a worldwide basis. Arch Capital Services LLC provides support and expertise to entities across ACGL to help them operate effectively and efficiently. Arch is committed to helping its associates create what’s next by providing access to a variety of programs supporting your professional development and a culture that encourages innovation, collaboration and professional growth. We seek talent that thinks innovatively, values collaboration and will go the extra mile to serve our customers and develop our company.