Sr. Information Security Engineer
The Sr. Information Security Engineer is responsible for the complex design and implementation of organization security components to ensure that information, (Regulatory and Private) is secure from unauthorized access, protected from inappropriate alteration, physically secure, available to authorized users in a timely fashion, and monitored for incidents, breaches, and other anomalies.
In this position you also ensure product development and service delivery risks are identified and mitigated. As the Sr. Information Security Engineer you will implement, maintain, and enforce data security standards, processes and initiatives. Part of this role will include application penetration testing, assisting in development and execution of an annual risk assessment, and participation in incident response. This role will also gather, analyze, and respond to security log and report data as well as implement and maintain required security controls.
ESSENTIAL DUTIES AND RESPONSIBILITIES
- Maintain confidentiality and protects sensitive data at all times.
- Responsibilities include vulnerability management, scanning and remediation, patch management, and threat and vulnerability assessment.
- Audit internal patching programs of major Hardware/Software manufacturers.
- Demonstrative knowledge in information technologies to include computer hardware, software, operating systems and networks.
- Knowledge of common attack methodologies; common types of security vulnerabilities.
- Assist in threat analysis and modeling; involving examination, analysis, documentation, and assessment of internal and external threats, electronic crime activity and information security risks to critical infrastructure systems.
- Maintain, execute, and refine processes to monitor, collect, and update information about threats and vulnerabilities for input into the Threat Vector Analysis process.
- Assist improving the security posture capability by researching technical threat areas; developing information security assessment methods and techniques; and providing information, solutions and training for preventing, detecting, and responding to threats and vulnerabilities.
- Participate in collaborative programs with personnel in all IT departments to ensure that secure development, coding and system deployment practices are consistently implemented throughout the enterprise
- Provide technical support to system owners to propose mitigation and remediation solutions to identified vulnerability and security issues.
- Demonstrate honesty, responsibility, integrity and fulfillment of commitments.
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Knowledge, experience, skill, and/or ability
- Cyber Incident Handling and Response Experience.
- Strong understanding and applied concepts of computer forensics.
- Robust analytical and investigative skills.
- Solid risk assessment process understanding.
- Ability to analyze vulnerabilities in order to appropriately characterize threats and provide remediation advice. Familiarity with classes of vulnerabilities, appropriate remediation, and industry-standard classification schemes (CVE, CVSS, CPE).
- Solid decision-making skills.
- Clear written and oral communication skills.
- Self-discipline and focus with attention to detail.
- Innovative problem-solving skills.
- Ability to understand information security risks associated with vulnerability and penetration testing.
- Vulnerability program management experience.
- Experience working with SIEM solutions (LogRhythm preferred).
- Knowledge of security standards such as ISO 27001/2, SOC-2, HIPAA, PCI-DSS, etc.
- Ability to identify potential compliance issues.
- Experience with programing and scripting languages such as: Python, Ruby, Bash, Batch, Perl, PowerShell.
- Experience with the implementation, maintenance, and enforcement of security standards, processes and initiatives.
- Experience with risk assessments.
- Knowledge of secure configuration and hardening of systems.
- Experience with network, wireless and application penetration testing.
- Proficiency in the use of manual and automated techniques for scanning, vulnerability, and penetration testing of networks, applications, operating systems, databases, and email systems.
- Familiarity with SaaS security and Microsoft Cloud.
- Experience developing and delivering training program on information security best practices.
- Experience in network security.
- Experience with identity access management.
- Experience with secure coding practices.
- Practical knowledge of the Open Web Application Security Project development and/or testing methodologies.
- Experience with secure software development Assist in development of security-related software development processes including coding standards, technical documentation standards, QA processes, build, and configuration management.
- Experience with Data Loss Prevention.
- Bachelor’s degree (B.A. or B.S.) in Information Systems, Computer Science or other technology-related field from accredited institution and 10 plus years relevant experience, OR equivalent combination of education and experience.
- At least 5 years of Information Security (Governance, Architecture or Engineering).
- Information Security Certifications such as CISSP, CEH, GPEN, OCSP, RHCSA, CompTIA Security+ Linux+, GIAC, GCIH, GCFA, GCIA, GNFA, GCUX or CISA are a plus.