Information Security Engineer

Position Overview:

Information Security Engineer implements and executes the network security controls across multiple data centers.  The role will coordinate a variety of network and infrastructure requests between teams, partners, and clients and evaluate new and existing network/security architecture requirements, participate in system design, and provide technical assistance as required. In addition, this role will analyze attempted efforts to compromise security protocols, policies, vulnerability management and a rotating on call schedule.  Additional duties will also include conducting risk assessments, performing vulnerability scans, troubleshooting and responding to alerts and assisting with the development of policies and standards.

Role and Responsibilities:

  • Network security review and troubleshooting
  • Resolve network and system security issues using computer host analysis, forensics, and
    reverse engineering 
  • Maintain security requirements
  • Monitor, Review and Troubleshoot alerts
  • Manage Vulnerability tools and scans
  • Test security measures including OS patches, system hardening, and application configuration
  • Project security representation
  • Develop whitepapers
  • Security compliance monitoring
  • Produce security standards
  • Participate in project meetings to advise business stakeholders and IT staff on best practices
  • Escalation for technical security questions and problems
  • Resolve network and system security issues using computer host analysis, forensics, and
    reverse engineering
  • Define and maintain standards and product selection methodology, review and approve
    solution architecture and design from a security perspective
  • Network security audit
  • Understand and develop countermeasures against network attacks using vulnerability
    analysis and knowledge of exploit techniques
  • Acquisition and new office security review
  • Perform security research
  • Produce security risk advisories based on newly identified threats and risk assessment
  • Security tool evaluation, testing, selection, certification, and integration
  • Perform and document internal and external vulnerability assessments
  • Create lab environment and automate test procedures associated with above testing

Minimum Qualifications:

  • Bachelor’s degree in Information Systems, Computer Science, Information Security, Data Security, Network  Security, or related technical discipline required; advanced
    degree is a plus
  • CISSP is required; CISM, CISA, Security+ or other recognized information security certifications or accreditations are a plus
  • Minimum of 8 years of recent, consistent hands-on experience with modern technologies
  • Experience with systems analysis including, but not limited to: Gathering requirements from stakeholders, Constructing RFP/RFQs, devising and planning
    proof-of-concepts, defining use and test cases, driving critical security infrastructure projects, creating cogent status reports for senior management,
    strong technical understanding of vulnerabilities, and how attackers can exploit vulnerabilities to compromise systems
  • Working knowledge of security technologies such as DLP, SIEM, IDS/IPS, Web filters, two
    factor authentication, web application firewalls, Active Directory Group Policy
  • Ability to establish both SLA and KPI driven metrics for measuring performance
  • Experience with vendor management    
  • Familiarity with network technologies (switches, routers, firewalls, VPNs, remote connection technologies, and multiple domain environments)F
  • Familiarity with tools like Qualys, Rapid7, Q1 Labs, McAfee Suites (Host & Network),FireEye, BlueCoat, Juniper, Palo Alto Networks, MDM solutions are a plus
  • Knowledge of vulnerability sources such as SANS, US-CERT, commercial vendors (Symantec, SecureWorks, McAfee, IBM, etc.)
  • Knowledge of public intelligence sources such as ICS-CERT, FBI Infragard, HSIN
  • Knowledge of paid intelligence sources such as Verizon iDefense, RiskIQ, Critical Intelligence, Cybertrust
  • Strong, concise communication skills with a brisk writing style; able to build a compelling and effective narrative
  • Excellent verbal, written, and presentation skills; in particular, demonstrated ability to effectively communicate technical and business issues and solutions to
    multiple organizational levels internally and externally as needed
  • Solid analytical and problem solving skills; ability to think strategically and turn ideas into actions
  • Able to work independently, yet seamlessly integrate activities with other teams when needed
  • Ability to lead, guide, support, and mentor staff
  • Ability to work with little supervision and consistently deliver results
  • Able to lift 50 lbs. and see color coded events.
  • 24/7Rotating On Call Schedule


. . . . . . . .

Leave a Reply