Senior Information Security Engineer

JOB PURPOSE: 

Reporting to the Director of Information Security, the Senior Information Security Engineer will work closely with other members of the Information Security team to evaluate, implement, and manage operational security across the enterprise. This includes monitoring systems and networks, identifying threats and responding to violations. The Senior Information Security Engineer will also work with IT and the business to select and deploy tools and controls to meet specific security requirements and defines processes and standards to ensure that security configurations are maintained. The Security Engineer will also assists with design, test and implementation of secure operating systems, networks, and database products using knowledge of information systems security concepts, applications, and technology.

What you’ll be doing:

• You will provide expert guidance and security oversight for projects, and technical architecture. Manages and/or participates in projects to ensure security requirements are evaluated and met
• Works with CISO to define security standards, procedures, operational activities, and technical architecture
• Manages the development and implementation of Information Security policies and standard procedures
• Evaluate, implement, and manage endpoint security solutions
• Provide Incident Detection and Response
• Research and assess new threats and security alerts, and recommend remediation actions
• Assist in the coordination and completion of security standard, process and procedure documentation
• Work with IT department and members of the security team to identify, select and implement technical controls
• Upgrade security of systems by monitoring security environment; identifying security gaps; evaluating and implementing enhancements
• Develops project timelines for ongoing system upgrades
• Conducts regular tests and monitoring of network security
• Updates job knowledge by tracking and understanding emerging security practices and standards, participating in educational opportunities, reading professional publications, and participating in professional organizations
• Verifies security systems by developing and implementing test scripts
• Establishing disaster recovery procedures and conducting security breach drills
• Monitoring and guiding the security team, cultivating a sense of security awareness, and arranging for continuous education

What you should have:

• A minimum of seven (7) years of work experience in Information Security
• Strong information security architecture design and implementation skills
• Technical knowledge of Windows and Linux operating systems and a wide range of security technologies, such as network security appliances, identity and access management (IAM) systems, anti-malware solutions, automated policy compliance tools (Firemon), and desktop security tools
• Ability to understand and apply knowledge of information systems security concepts (e.g., secure architectures, secure electronic data communications, network security, and protection of sensitive data)
• Extensive knowledge of security configuration including encryption and secure protocols, tools used to analyze security problems, security hardware, software, and operating systems, and security monitoring concepts
• Strong working knowledge of IT risks, cyber security, and computer operating software
• Advanced understanding of security protocols, cryptography, and security
• Experience implementing multi-factor authentication
• Ability to interact with a broad cross-section of personnel to explain and enforce security measures
• Excellent written and verbal communication skills as well as business acumen and a commercial outlook
• IT security or risk assessment certifications are advantageous (CISSP, SANS certs, CRISC, etc.)
• Strong Cloud security knowledge (AWS, Azure, etc.)
• Security Automation and orchestration knowledge (XSOAR, Hive, etc.)
• Security information event management knowledge (LogRhythm, Devo, etc.)