Senior Security Engineer  

The Senior Security Engineer that will serve as a technical thought leader and hands-on senior contributor in the ongoing enhancement and monitoring of our Security Program for both AWS Cloud and on-prem.  This individual will be responsible for installing and managing software security tools, analyzing metrics, and documenting any security issues discovered.

Essential Functions and Responsibilities:

• Contributes to the development and maintenance of the information security strategy
• Implement, manage, and monitor security and auditing platforms including evaluation and deployment of new tools and techniques to better secure Plymouth Rock’s infrastructure.
• Research, design, and advocate new technologies, architectures, and security products
• Assist in the creation, maintenance, and execution of the security roadmap.
• Serve as the main point of contact with outside Managed Security Service Providers to ensure services are delivered effectively.
• Coordinate and perform security-related awareness campaigns and educational exercises.
• Investigate security incidents and other cyber security events.
• Apply security principles to networking, windows and desktop platforms, firewalls, IPS/IDS devices and SIEM technologies.
• Fix detected vulnerabilities.
• Create and execute remediation plans for identified security threats to maintain a high-security standard.
• Research security enhancements and make recommendations.
• Stay up to date on information technology trends, news, and security standards.

Qualifications and Education:

• Bachelor’s degree in an Information Technology related major
• SSCP, CompTIA Security+ or CISM preferred
• 5+ years of combined experience working in information technology and/or security
• Experience with information security in Cloud computing and SaaS/IaaS/PaaS models.
• Solid knowledge with AWS cloud security tools – Guard Duty, CloudTrail, Security Hub et al.
• Solid knowledge securing assets in AWS.
• Experience with implementing WAFs, Botnet protection and OWASP top 10 best practices
• Familiarity with microservice architectures and cloud-native technologies
• Ability to meaningfully participate in code reviews and provide security guidance to software development teams.
• Familiarity with Continuous Integration and Continuous Delivery pipelines (CI/CD)
• Familiarity with product lines such as Veracode, Jenkins, Chef, Puppet
• Extensive experience configuring, deploying, and managing next gen endpoint protections, endpoint detection/response, secure web gateways and application firewalls
• Extensive knowledge of information technology operations, responsibilities, procedures to ensure adherence by all staff and make incremental improvements as needed
• Expert knowledge of and experience with application infrastructure components such as Windows Server, Active Directory, Group policy, SQL Server, IIS, VMWare and Tomcat.
• Experience with DLP, anti-virus and anti-malware.
• In-depth understanding of TCP /IP, computer networking, routing and switching.
• Solid experience with firewall and intrusion detection/prevention protocols.
• Experience with Network protocols and packet analysis tools.
• Experience with Security Information and Event Management (SIEM).
• Understanding of IDS / IPS, penetration and vulnerability testing.
• Ability to identify and mitigate vulnerabilities and explain how to avoid them.

About the Company:

The Plymouth Rock Company and its affiliated group of companies write and manage over $2.0 billion in personal and commercial auto and homeowner’s insurance throughout the Northeast and mid-Atlantic, where we have built an unparalleled reputation for service. We continuously invest in technology, our employees thrive in our empowering environment, and our customers are among the most loyal in the industry. The Plymouth Rock group of companies employs more than 2,000 people and is headquartered in Boston, Massachusetts. Plymouth Rock Assurance Corporation holds an A.M. Best rating of “A-/Excellent”.

#LI-DNI