Under the direction of the Information Security Manager, the Information Security Engineer is responsible for architecture, design, implementation, integration, administration and maintenance of enterprise security solutions. This includes, but is not limited to, network, systems, endpoint, mobile, email, identity and access management, cloud and application security technologies. You will be working with emerging technologies to solve challenging security problems in a fast-paced and continuously evolving environment, while helping steer the direction and evolution of the team.
The Information Security Engineer will be required to participate in incident response to support the Cyber Threat Center and production support where and when appropriate. Extensive contact with internal customers, other information technology (IT) professionals and vendors is required to identify, research, analyze, and resolve complex security issues and problems.
Top Skills Necessary
- Primary subject matter expert, support and central point of contact for security solutions.
- Technical lead with the ability to mentor other members on the team.
- Collaborate with and provide information security consulting to projects and initiatives.
- Forward thinking to identify upcoming trends and security best practices on the network.
- Lead implementation efforts of security initiatives and resolutions of any findings from internal or external assessments.
- Ensure enterprise security standards are in place.
- Responsible for up-time, monitoring, reliability, stability and policy maintenance of supported systems.
- Serves as key person in troubleshooting system problems, taking ownership of problems to resolution.
- Produces and maintains current description and documentation of policy configuration, including tracking and documenting any changes to policies.
- Analyzes performance trends to optimize system performance.
- Improves operations efficiency by automating administration tasks wherever possible.
Experience and Skills:
- Minimum of a B.S. in Computer Science, MIS or related degree and ten (10) years of related experience or a combination of education, training and experience.
- ISC2 (CISSP, CCSP, ISSAP), SANS GIAC (GCCC, GCIA, GCFA, GMON, GCIH, GPEN, GREM, GXPN), Offensive Security (OSCP, OSCE) or other security vendor certification highly desirable
- Experience with data loss prevention (DLP) solutions, Network Access Control (NAC) Solutions and Enterprise Mobile Management (EMM)
- Experience with next generation firewall, web filtering, IPS, VPN, NAC, WAF solutions
- Experience with anti-malware, endpoint detection and response (EDR), host-based intrusion detection (HIDS), host-based firewall solutions
- Experience with email protection gateway, anti-spam solutions
- Experience with mobile device management (MDM), enterprise mobile management (EMM) solutions
- Experience with security information and event monitoring, remote logging, log aggregation, correlation solutions (SIEM)
- Experience with vulnerability scanners
- Experience with encryption at rest, in transit, Public Key Infrastructure (PKI) solutions
- Experience with identity and access management (IAM), single sign on (SSO) solutions
- Experience with load balancer, reverse proxy solutions
- Experience with troubleshooting and determining root cause through log/packet analysis and debugging
- Experience in scripting or automation
- Intermediate experience with Linux
- Sound understanding of security concepts behind the authentication, authorization and auditing (AAA) framework
- Sound understanding of Microsoft products such as Windows, Active Directory, GPOs, and Exchange
- Sound understanding of network architecture, protocols, and standards
- Knowledge of web application security, secure development lifecycle (SDLC), OWASP
- Knowledge of cloud security SaaS, PaaS, IaaS (O365, Azure, AWS, GCP), cloud access security broker (CASB)
- Knowledge of service management frameworks (ITIL)
- Ability to work effectively with technical and non-technical personnel in a cross-functional setting
- Excellent verbal and written communication skills
- Analysis: Identify and understand issues, problems, and opportunities; compare data from different sources to draw conclusions.
- Communication: Clearly convey information and ideas through a variety of media to individuals or groups in a manner that engages the audience and helps them understand and retain the message.
- Exercising Judgment and Decision Making: Use effective approaches for choosing a course of action or developing appropriate solutions; recommend or take actions that are consistent with available facts, constraints, and probable consequences.
- Technical and Professional Knowledge: Demonstrate a satisfactory level of technical and professional skill, or knowledge, in position-related areas; remain current with developments and trends in areas of expertise.
- Building Effective Relationships: Develop and use collaborative relationships to facilitate the accomplishment of work goals.
- Client Focus: Make internal and external clients, and their needs, a primary focus of actions; develop and sustain productive client relationships.