Headquartered in Atlanta, GreenSky is a leading U.S.-based technology company enabling frictionless promotional financing at the point of sale for a growing ecosystem of merchants and consumers.  Our Company was founded on the idea that payment, credit, and commerce could be enhanced using technology delivered via an elegant user experience. Our mission is to help businesses grow and delight their customers. For more information, please visit https://www.greensky.com.

Position: Network Security Engineer

Summary

The network security engineer is highly technical and works as part of the cybersecurity team to design, implement, and monitor controls across infrastructure and applications hosted on-premises and in the cloud (IaaS, PaaS, SaaS). In this role, the network security engineer is responsible for securing complex infrastructure with robust policies and configurations designed to defend against threats and vulnerabilities. At the same time the engineer is conscious of company operations and will focus on resiliency of the business. The engineer will enable systems, applications, and tools to protect against an evolving threat landscape, and adapts to change where necessary. Additionally, network security engineers work as part of a team, share information, and validates systems and controls are operating as intended and collaborates to counter security risk. The engineer will understand infrastructure, services, 3^rd parties, and application dependencies in use and where weaknesses may exist that require controls to help protect the GreenSky environment.

Network security engineers will be expected to have advanced technical knowledge with solution design for firewalls, WAFs, VPNs, DNS, IPS/IDS, DLP, and segmentation within a Cloud environment. The engineer will implement best practices and support NIST security framework and design and implement defenses for web application attacks. Network controls will be designed, tested, automated, and deployed across infrastructure following security policies and procedures. On-going assessments are required to gauge effectiveness and then adapting to the threat landscape. Security risks to the business that are identified are documented and escalated to the Network Team, Architecture Team and Security Team. Network security engineers will possess general incident response skills and experience working with security operations center (SOC) employees. Technical and analytical skills are vital as well as the ability to communicate effectively with technical and non-technical colleagues. The engineer will report to the Senior Security Architect.  

Essential Job Duties

• Design, implement, manage, and troubleshoot security and network solutions deployed in a multi-cloud infrastructure in AWS/Azure.
• Enhance security controls on the firewalls and cloud-based WAF’s working with Network Team, including rule review, auditing, and compliance tasks.
• Monitor and respond to performance issues across systems and applications.
• Deploy rigorous solutions using commercial and open-source tools to defend against emerging threats.
• Adopt cybersecurity framework standards across network and application stack.
• Monitor and respond to events and alerts generating suspicious activity to SIEM solutions.
• Develop and implement workflow to update and maintain configurations across protected infrastructure.
• Collaborate with incident responders and Security team members to investigate suspicious activity.
• Regularly participate in adversary emulation tabletop exercises to improve detection and response.
• Review vulnerability and penetration test results to identify exposure and improve network security posture.

Skills and Experience

• Preferably 5+ years’ of combined experience in security and network engineering/architecture in Azure/AWS.
• Understanding of security engineering principles and adept with NIST framework 800-160
• Proficient with VPNs, WAFs, NGFW, IDS/IPS, Proxies, DNS, PKI, NAC.
• Thorough understanding of network protocols/flows to assist in identifying anomalies and security incidents/forensics, including BFD and BGP.
• Extensive experience with cloud infrastructure/architecture in Azure and AWS, with focus on Network, security and automation.
• In-Depth knowledge and hands-on experience configuring and managing Palo Alto Firewalls, Cisco Firewalls/Switches coupled with network automation experience.
• Familiarity with Ticketing and Design tools including Jira, Confluence and LucidChart.
• General knowledge and experience with threat intelligence, DDoS, bots, and CDNs.
• Familiar with one or more regulations and laws such as PCI, SOX, and CCPA or other privacy regulations.
• Aptitude with one or more scripting languages (Python, PowerShell, JavaScript, TypeScript, and Bash).

Education Requirements

• Bachelor's degree preferred in engineering, cybersecurity, computer science, or related technical field.

Certification Requirements

• Preferable but not required, one or more certificates such as GSEC, GDSA, CISSP, Network+, Vendor (Palo Alto Networks, Cisco), CCNA, CCNP or other related security and network certifications