Security Assurance Engineer
RELX

Job Info

---

Job Summary

This role is focused on offensive security testing and validation of Elsevier platform and network controls to protect against unauthorized access, breach and exploitation. The ideal candidate will possess strong, diverse software and system hardening and application security testing knowledge to validate the protection and implementation of security controls. The ideal candidate must be proficient in system, software, web platform, network and cloud development, administration and protection functions. The core responsibility of this role will be achieved through proactive protection of the Elsevier brand through security application testing, security control validation and emulation of tactics that would be employed by bad actors intent on compromise or breach security measures deployed across the entire technology footprint.

Experience and Education:

• 4+ years of Security experience
• 5+ years IT experience within software development or DevOps environments
• BS Engineering/Information Technology/Computer Science or equivalent experience required; advanced degree preferred
• Licensing/certification desired (at least one of the following): CISSP, CISM, SANS, GIAC (or related), ethical hacking/penetration tester certification, and/or security risk assessment certification

Key Responsibilities:

• Senior level software and technology security testing in web and/or cloud-based environments
• Familiarization with security control and protection Risk management frameworks
• Ability to identify and articulate vulnerability and exploitation risk factors and methods for detection and protection
• Demonstrated ability to perform and document manual and automated security testing
• Experience performing static and dynamic code and system configuration security tests
• Ability to create technical security assessment reports
• Ability to conduct conclusive security defect mitigation testing which includes supporting test results
• Highly skilled with secure scripting and application development utilizing Java, Node JS, JavaScript, Python and other common languages
• Comfortable with system orchestration and cloud-based system deployment and management automation and monitoring
• Develop and acquire intelligence to Identify threats and acquire product risk intelligence across all product offerings
• Evaluate, tune and monitor telemetry to identify risks, misuse, fraud and theft of services.
• Analyze chronic incidents, abnormal usage and attack patterns
• Understand and assist with developing metrics demonstrating efficacy of security controls and attack countermeasures
• Recommend control and policy improvements to existing tools, applications, and processes to help strengthen and optimize current capabilities, as well as identifying gaps or other solutions to further enhance the security effectiveness

Technical Skills:

• Advanced understanding of cloud and networking, web-based content delivery platforms and filesystem operation, architecture, patching and security
• Able to propose, scope, conduct, report and remediate manual and automated penetration testing
• Expert level knowledge in vulnerability discovery and remediation
• Expert level knowledge in exploit identification, validation and remediation
• Expert level knowledge of application security and security testing technologies and techniques
• Understanding of risk assessment strategies and software
• Knowledge of information security hardware/software
• Advanced knowledge of security defect and remediation testing
• Experience with security hardening and testing various hardware, software and cloud-based platforms
• Advanced familiarity with opensource and proprietary security testing and vulnerability testing technologies
• Familiarity with Online or eCommerce, banking or credit card fraud detection and investigative detection tools a strong plus.
• Identification of emerging security threats
• Excellent problem-solving experience involving international teams; prior success extracting/translating findings into alternatives/solutions; and identifying risks/impacts and schedule adjustments to facilitate management decision-making
• Excellent communication (verbal and written) and customer service skills. Strong interpersonal, communication, and presentation skills applicable to a wide audience including senior and executive management, customers, etc., including diction/terminology and presenting information in a concise and effective manner to clients, management, and various departments using assorted communication mediums

-----------------------------------------------------------------------

Elsevier is an equal opportunity employer: qualified applicants are considered for and treated during employment without regard to race, color, creed, religion, sex, national origin, citizenship status, disability status, protected veteran status, age, marital status, sexual orientation, gender identity, genetic information, or any other characteristic protected by law. If a qualified individual with a disability or disabled veteran needs a reasonable accommodation to use or access our online system, that individual should please contact accommodations@relx.com or if you are based in the US you may also contact us on 1.855.833.5120.

Please read our Candidate Privacy Policy

This job has expired.