Sr. Information Security Engineer

The Senior Security Engineer will have a demonstrated passion for managing corporate and cloud security along with a desire to relentlessly champion best practices within the corporation and in an IaaS / PaaS cloud environment. This role is responsible for performing functions at a technical, advanced level. The Sr. Security Engineer will be required to support day-to-day data security operations, supporting and maintaining a broad suite of information security infrastructure, ensuring compliance with established policies and procedures and coordinating investigation and reporting of security incidents. The Sr. Security Engineer will participate in the planning, design, installation, and maintenance of security systems in support of these security policies. He/She works with parallel departments and customer staff and business units to assess risk and address security issues. He/She configures and maintains security controls in compliance with assigned regulation(s) (HIPAA, PCI-DSS, NIST 800 series (FedRAMP), etc.); reviews and analyzes systems security and presents recommendations for improvement to the CISO; communicates security requirements and educates users and employees.

Duties

  • Develops, communicates and enforces organizational security policies, standards and guidelines.
  • Maintain expert technical knowledge and understanding of cyber security threats and trends.
  • Architects and/or approves architecture applicable to information security design considerations and ensures controls are appropriately inclusive within all new and existing, applicable system computing environments.
  • Senior Investigator on incident response activities and the Computer Emergency Response Team.
  • Manage security technical systems, including firewalls, proxy systems, logging, and other security devices.
  • Evaluates operation of the enterprise/departmental applications and enterprise network infrastructure and reports status and recommendations to the CISO.
  • Provides security subject matter expertise to internal organization departments. 
  • Prepares recommendations for security enhancements and upgrades to infrastructure and presents them to the CISO. 
  • Create and review reports on event anomalies.
  • Conducts standards evaluations and risk assessments.
  • Rotational 24x7 on-call status to serve as a Security escalation point.
  • Identify attack vectors, e.g., SQL injection, XSS, CSRF, session-hijacking.
  • Conducts maintenance and upgrades to security infrastructure.
  • Performs related duties, as required and assigned. 

Required skills

  • Advanced Linux and Windows Server OS Administration capabilities.
  • Ability to manage several security infrastructure roll-out projects at the same time in a structured manner.
  • Strong project management skills; including project planning, project design, resource allocation, utilization analysis, etc.
  • Advanced hands-on experience and administration of Security Devices and Infrastructure to include Security Information Event Management systems, Firewalls, Web Application Firewalls, Intrusion Detection Systems, Anti-Malware systems, File Integrity systems, DDoS mitigation appliances, and IP Reputation Management.
  • Understanding of network protocols and architecture (TCP/IP, ATM, WAN, Bridges, etc.) is required.
  • Understanding of virtual networking hardware and base software is preferred.
  • Experience with securing cloud-based solutions.
  • Strong understanding of NIST framework, in particular, NIST 800-53.
  • Advanced technical understanding of current cyber security threats, trends, and mitigations such as malware variants and mitigation techniques.
  • Able to work independently or with a team, prioritize tasks, and effectively manage time to ensure customer SLAs and expectations are met.
  • Superior communication (oral and written), interpersonal, organizational, and presentation skills including the ability to translate technical terms and concepts to non-technically oriented persons.
  • Prior advanced experience managing large log-correlation environments.
  • Advanced ability to identify web attack vectors, e.g., SQL injection, XSS, CSRF, session-hijacking.
  • Advanced ability to administer network and host-based security tools.
  • Experience with PHP, HTML, or CGI programming languages.
  • Monitor and review security and system patch notification systems to identify and manage corrective action.

Qualifications

  • High School Diploma or equivalent, required. Knowledge of Computer Science or related field(s) typically acquired through the completion of a Bachelor’s Degree.
  • Master’s degree in Information Assurance and/or Security a plus.
  • Minimum of five (5) years progressive security-specific experience.
  • Required Security or Technical Certifications: CISSP or equivalent, CEH or equivalent
  • Suggested Security and Technical Certifications: CCSP, CHFI, CCNA-Security, etc.