Endpoint Security Engineer ( 597606-1C )
When you join Verizon
Verizon is one of the world’s leading providers of technology and communications services, transforming the way we connect across the globe. We’re a diverse network of people driven by our shared ambition to shape a better future. Here, we have the ability to learn and grow at the speed of technology, and the space to create within every role. Together, we are moving the world forward – and you can too. Dream it. Build it. Do it here.
What you’ll be doing...
The Verizon Corporate Information Security (CIS) organization enables the business by protecting assets and information across Verizon networks, infrastructure, and applications. CIS integrates cybersecurity governance, policies, technologies and operations across Verizon, and works to incorporate security into the design of technology systems and services. Security Engineering’s mission is to provide control-driven process and technology assessments along with recommendations to reduce risk by protecting our network, endpoints, and data. The team acts as a bridge between our key business partners and our security architecture and information risk functions to find mitigating solutions that allow our business to move forward with innovation while reducing risk to an acceptable level.
We are looking for an experienced Application & Endpoint Security Engineer to join our Security Engineering Team.
- Work in active partnership with internal and external stakeholders to engineer application security solutions using security tools and services aligned with Verizon security standards and industry best practices.
- Provide application security related coaching and mentoring to elevate security expertise of development teams.
- Perform threat modeling on key platforms and services – identifying threats and enumerating controls to prevent, detect, and respond.
- Perform security engineering reviews and technical consultation for various projects and initiatives.
- Work with internal and external stakeholders to understand business requirements and deliver secure solutions that support IT and business objectives.
- Analyze and identify risks in network and system designs and communicate with stakeholders to address the risk and drive a solution
- Provide technical assessment of control deployments, providing control implementation guidance, and mitigating control solutions where/when necessary.
- Provide services that follow accepted best practices in security, recognizing changes in threat vectors.
- Work with engineering and operational teams to deploy and integrate security infrastructures based on understanding of the risk within the Verizon enterprise.
- Make informed decisions on matters of risk and security engineering approach that reflect your information security experience and industry best practices.
- Process various requests, reviewing through the lens of security best practices, least privilege, compensating controls, and needs of the business.
Where you'll be working...
In this hybrid role, you'll have a defined work location that includes work from home and assigned office days set by your manager.
What we’re looking for...
You'll need to have:
- Bachelor’s degree or four or more years of work experience.
- Six or more years of relevant work experience.
- Experience in development and application security.
- Experience in endpoint security.
- Willingness to travel.
Even better if you have one or more of the following:
- Bachelor’s degree in information technology or cyber security.
- Certifications: CISSP, CCSP, CISM/CISA, AWS, Cisco, or other security or technical certifications.
- Experience coding in Java, Python, or Go, and at least one scripting language.
- Knowledge of web, mobile, API, Microservices, network and security architectures and design patterns.
- Experience securing cloud infrastructure and cloud applications.
- Knowledge of AWS, Azure, GCP and OCI native security tools.
- In-depth knowledge of application security concepts, best practices and methods.
- Knowledge of security best practices, principles, and common security frameworks, such as NIST, ISO, Common Criteria, TCSEC, OWASP, etc.
- Experience with data architecture, modeling and integration.
- Understanding of security by design principles and architecture level security concepts.
- Knowledge of current and emerging security technologies, threats and techniques for exploiting security vulnerabilities.
- Experience with methodologies and tools, for threat analysis of complex systems, such as threat modeling and software fuzzing.
- Knowledge of developer tools and environments, project management and bug tracking systems.
- Experience building secure software based on frameworks such as OWASP, CWE, SANS, OpenSAMM, BSIMM.
- Experience with various application security tools including SAST, SCA, DAST, Penetration testing, Fuzzing etc.
- Demonstrated knowledge of cybersecurity risk, compliance, and governance management concepts, cybersecurity frameworks, and security technologies.
- Experience with NIST CSF and functions Identify, Protect, Detect, Respond, and Recover.
- Demonstrated understanding of cyber risks and implementing mitigation plans.
- Experience with Endpoint Protection methodologies like MDM, CIS/STIG hardening, security agents, vulnerability management.
- Experience with Network Protection methodologies like tiered-architecture, segmentation, firewalls, IDS/IPS, proxies, remote connectivity, Zero Trust.
- Experience with Data Protection methodologies like encryption, obfuscation, masking, tokenization.
- Experience in web and/or mobile application assessments.
- Experience with the transformation of traditional data center security measures into hybrid and cloud deployment (AWS, GCP, Azure).
- Understanding of tools and techniques used by attackers to gain entry into corporate networks, including common IT system flaws and vulnerabilities (knowledge of threat landscapes and threat modeling).
- Strong communication and written documentation skills.
- Ability to handle multiple priorities in a fast paced, dynamic environment.
Equal Employment Opportunity
We're proud to be an equal opportunity employer - and celebrate our employees' differences, including race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, and Veteran status. At Verizon, we know that diversity makes us stronger. We are committed to a collaborative, inclusive environment that encourages authenticity and fosters a sense of belonging. We strive for everyone to feel valued, connected, and empowered to reach their potential and contribute their best. Check out our diversity and inclusion page to learn more.
COVID-19 Vaccination Requirement
Verizon requires new hires to be fully vaccinated against COVID-19. Verizon provides reasonable accommodations consistent with legal requirements (e.g., for medical, religious, or state law recognized reasons).