The Information Security Engineer / Architect will be responsible for providing technical leadership to help facilitate the delivery of enterprise security solutions to ensure that information assets are adequately protected, while assisting in the operation of existing security processes and tools.
- Work with business and IT groups to understand application or service requirements, then translate those into securely designed enterprise solutions.
- Identify risks and evaluate the effectiveness of security controls across IT infrastructure, cloud services, networks, and server/desktop systems.
- Participate in application and network infrastructure projects to provide security planning guidance.
- Perform IT system and product evaluations to facilitate secure solution delivery to the firm.
- Develop project documentation including detailed security roadmaps, plans, architecture designs, implementation plans, and operational training materials.
- Provide technical guidance, oversight, and enforcement of security directives, policies, standards, plans, and procedures.
- Assess, design, implement, and integrate enterprise security solutions such as application and network firewalls, intrusion prevention systems, vulnerability management systems, incident response systems, denial-of-service prevention, web content filtering platforms, security information and event management, data loss prevention, anti-malware, threat intelligence/hunting, endpoint security, and security analytics.
- Maintain knowledge of financial industry trends, current security issues, security best practices, and new security technologies.
Required Skills – this role is highly technical, requiring a minimum of five years’ experience in an information security engineering and/or architecture role:
- Experience with technology risk assessment, risk management, compliance, and security policy formulation.
- Experience with capturing business requirements, risk areas, and translating them into securely designed technical requirements for enterprise solutions.
- Experience in enterprise security architecture including review, design, implementation, and operations.
- Experience with security vulnerability assessment and management tools.
- Experience with performing incident response and identifying indicators of compromise (IOCs).
- Knowledge of computer forensics, including determining the source of an incident and preserving evidence.
- Excellent written, verbal, presentation, and communication skills.
- Very strong understanding of TCP/UDP, security protocols, IP protocols and packet analysis.
- Experience in conducting penetration testing tasks.
- Experience with Linux and Microsoft operating system administration.
- Experience with mobile and smart device security, including authentication mechanisms.
- Project management background with good multitasking and prioritization skills.
- Prior financial industry experience is a plus.
- CISSP, GCFA, GCIH, CISA or CISM security certificates is required.
- Knowledge of standards, rules and regulations related to information security and data confidentiality (NIST, ISO 2700x, HIPAA, PCI).
- Very strong analytical and problem solving skills.
- College degree preferred.
Please email resume to [email protected]