Senior Information Security Engineer

• Security Control Design and Implementation

• Ensure the rigorous application of cybersecurity policies, principles, and practices in the delivery of all IT and cybersecurity services

• Design, and implement cost-effective controls to reduce business risk from real-world attacks such as ransomware, DDoS, data theft, and account takeovers

• Design and optimize our network boundary protections and sensitive data flows using tools such as firewalls, VPNs, IPS/IDS, CASB, wireless security, network access controls, and web and email security

• Implement and support Single Sign-on, PAM, Multi-factor Authentication, Enterprise Mobility Management, security certificates and SIEM solutions

• Identify, plan, and document improvements to security controls already in place

• Security Advocate within the Business

• Play an advisory role in IT projects to assess security requirements and controls and to ensure that security controls are implemented

• Lead or manage efforts on penetration testing, code reviews, design/architecture, and system security reviews.

• Assess applications and the associated data flows for risk to sensitive data, systems, or infrastructure.

• Provide management and business clients with information related to security and threat trends to protect the company from internal and external intrusions and risks

• Act as an agent of security awareness, foster and influence good internal information security practices through presentations, training, and other communication opportunities

• Incident Handling and Response

• Act as an escalation point in the investigations of cyber alerts, events, and incidents to ensure thorough investigation and response

• Review and recommend improvements to incident response process and procedures and lead annual exercises

• Maintain Situational Awareness

• Validate hardware and software inventories and work with inventory owners to reconcile differences and identify processes to improve inventory management.

• Ensure all systems and devices on the company network are adequately patched and hardened

• Maintain a current awareness of information security issues and trends and provide educational briefings to peer groups within the Information Technology department

• Maintain professional security certifications and accreditations

• Other responsibilities as required

• Bachelor’s degree in IT, Computer Science or related discipline preferred

• 7+ years’ experience maturing and improving information security programs

• Comfortable leveraging outside experts for implementation assistance and support

• System engineer level understanding of infrastructure technologies such as Active Directory, virtualization, and Windows operating systems

• Functional knowledge of modern networking protocols such as TCP/IP, IPSEC, VPN, MPLS, and SD-WAN

• Understanding of cyber kill chain as it relates to attacks by cyber-criminals against corporations

• Experience implementing security controls including IDS/IPS, firewalls, EDR, MFA, SSO, PAM, and email filtering.

• Experience using SIEM tools for log collection, incident detection, and investigation

• Excellent written and verbal communication skills

• Persuasive negotiator able to exert influence without authority

• Experience identifying cost-effective solutions for complex problems within corporate enterprise

• Excellent analytical, troubleshooting, and problem-solving skills

• Solid grasp of vulnerability management, including an understanding of the process and activities associated with vulnerability identification and remediation

• Demonstrated ability to identify security events based on network, computer, and user behavior and investigate to eliminate false positives

• Demonstrated ability to identify security vulnerabilities in proposed solutions and suggest alternatives that accomplish business goals while reducing risk

• Experience hardening and applying modern security standards across servers, workstations, SaaS-based solutions, and network equipment

• Demonstrated track record staying up to date with Information Security and threat intelligence knowledge across the security and tech communities.

• Knowledge of security frameworks and methodologies such as CIS Top 18, NIST Cybersecurity Framework, and PCI DSS

• Remain flexible in your point-of-view to support the direction taken by the business

• Possess solid understanding of cryptography basics (public/private keys, TLS certificates, PKI, etc.)

• Professional certifications such as GCIH, CISSP, CySA+ a plus

Tags