IT – Security Engineer

Description Purpose:

The IT Security Engineer is responsible for a variety of IT Security related support tasks which ensures the development, implementation, monitoring and maintenance of security controls governing processes, procedures, and systems. This individual will identify, collect, analyze, interpret, and assist in the development of security metrics and reports. Which will include actively working with senior IT Security staff, Systems Administrators, Network Team, Application Experts, and IT Service Desk to ensure IT Security Policies and Procedures are implemented correctly.

The IT Security Engineer must be results oriented, should be able to work under pressure, and assist senior members of the IT Security team to solve complex information security problems. In addition, the individual must have good verbal and written communication skills, be able to work efficiently in a team environment, and be able to provide guidance to junior members of the IT.

These responsibilities also include, ensure current IT Security Controls and toolsets are aligned with company policy, legislative and business data security requirements, such as GLBA, PCI, SOX, SOC, etc


• Perform vulnerability assessments, scanning and risk reviews using vulnerability scanners and exploitation tools
• Execute periodic system / application user access reviews as required by IT Security Policies.
• Verify security patch processes to ensure critical patches are applied to systems properly
• Be familiar with OWASP Top 10 web application security standards and perform dynamic analysis of web applications on a regular basis
• Assist with the proof-of-concepts and testing of new security software and tools being considered by the organization
• Assist with the day-to-day audit of the servers, applications, and end-user systems to identify risks. Including remediating these identified risks.
• Document the various IT security procedures, standards and guidelines and keeping various security documents current and up-to-date
• On a 24/7/365 basis, assist monitoring for security events and assist in security incident response
• Assist in developing and maintaining security program metrics to measure program metrics
• Provide periodic status reports on current projects and activities, along with completing weekly timesheets.
• Assist with the due-diligence process for external and third-parties and providing the information as and when required by the clients.
• Complete service desk tickets in a timely manner to ensure aging does not exceed 90 days.

“We are an equal opportunity employer and drug-free workplace. If offered employment, applicant must be willing to submit to a background check/drug test.”

Requirements Bachelor’s degree in Information Technology is preferred. Two years of equivalent combination of education and experience in Systems Administration or Information Security.
Two years Systems Administration experience required.
Preferred two years of experience in execution of Information Security programs, tools, processes and best practices.
Must possess Security+ certification
Knowledge of how to properly secure Windows servers, Linux/Unix, and desktop systems
Knowledge of common application vulnerabilities, current threat vectors and mitigations
Hands-on experience with;
◦ Port and network scanners such as NMAP
◦ Vulnerability Assessments tools such as Qualys, Nessus
◦ Penetration and Vulnerability validation tools such as, Metasploit
◦ Log Management or SIEM solutions such as Solarwinds LEM
◦ Office 365 data protection tools, such as Azure RMS
◦ Anti-Malware solutions such as Sophos
◦ Data Classification tools, such as Identity Finder
◦ Intrusion Prevention Systems such as Cisco Firepower
◦ Web Application Firewall, such as Akamai WAF
Experience working with IP networking, networking protocols and understanding of security related technologies
Experience with VMware
Experience working with internet and web application security techniques (SANS and OWASP)
Experience working with leading firewall, scanning and intrusion detection technologies
Experience working with logging and file integrity monitoring tools
Familiarity with IT security standards and best practice frameworks (Cobit, ITIL, PCI, SOC, and SOX)
MS Office, Detailed-oriented with strong analytical and problem solving skills, strong ability to think strategically and analyze
information timely and accurately, strong interpersonal communication skills to deal effectively with all levels of the
Excellent written and verbal communication skills required.


. . . . . . . .

Leave a Reply