Security Engineer
Description:
Job Description
ComResource is looking for a Security Engineer.
This person will be responsible for working in several different security and governance, risk, and compliance disciplines under the direction of the Director of IT Security & Governance. In this role, you will establish and maintain a corporate-wide information security program and controls to ensure that information assets are adequately protected and will act as an adviser to the various business units. This position requires strong knowledge of security concepts, tools (anti-virus, IPS), and programs (vulnerability management, incident management, identity & access management, data loss prevention). Responsibilities include designing, implementing, supporting, and monitoring the security infrastructure. This position is also responsible for ensuring compliance with security requirements such as Sarbanes-Oxley and PCI.
Responsibilities:
Strategic Support
Performs control and vulnerability assessments to identify control weaknesses and assess the effectiveness of the existing controls, recommends remedial action
Manage the process of gathering and analyzing the current and future threat landscape
Monitor and report on compliance with the security policies, as well as the enforcement of policies with the IT Department
Security Liaison
Coordinate the Security Event Information Management log analysis (i.e. Splunk or similar), applications whitelisting malware analysis, quarantine, and eradications
Work with the IT leadership and business stakeholders to define metrics and reporting strategies that effectively communicate the successes and progress of the security program
Engineering Support
Assess and evaluate outsourced vendors that provide information security functions for compliance with the contracted service-level agreements
Manage and coordinate operational components of incident management, including detection, response, and reporting
Maintain a knowledge base comprising a technical reference library, security advisories and alerts, information on security trends, practices, laws, and regulations
Perform day-to-day activities for threat and vulnerability management, identify risks, and identify possible treatment plans
Assist in the design and oversight of security testing procedures to verify the security of systems, networks, and applications, and manage the remediation of identified risks
Operational Support
Research, evaluate, design, test, recommend, or plan the implementation of the new or updated information security hardware or software, and analyze its impact on the existing environment; provide technical and managerial expertise for the administration of security tools
Assist the enterprise architecture team to ensure that there is a convergence of business, technical, and security requirements; liaise with the IT management to align existing technical installed base and skills with the future architectural requirements
Develop strong working relationships with the corporate and brand infrastructure teams to develop and implement controls and configurations aligned with security policies, legal, regulatory, and audit requirements
Develop and validate baseline security configurations for the operating systems, applications, networking, and telecommunications equipment
Ensure corporate standards are properly communicated to technology units, business partners, and customer teams
Participate in efforts to validate security solutions and ensure strategies are aligned with the business architecture
Provide technical support for the establishment and implementation of end-to-end security solutions utilizing new technologies
Provides technical expertise for vulnerability and management, patch management, and security baselines
Essentials:
Bachelor's degree, CISSP certification, or relevant industry experience
Excellent technical knowledge of mainstream operating systems (i.e. Windows, Linux, MacOS, etc.) and a wide range of security technologies, such as network security appliances, identity and access management systems, anti-malware solutions, automated policy compliance and desktop security tools
Extensive knowledge and experience with technical security controls and vulnerabilities including IPS, anti-virus, vulnerability scanners, firewalls, and other security devices
Technical expertise in vulnerability management, patch management, and security baselines
Knowledge and understanding of information risk concepts and principles, risk assessment methods, and technologies
Strong project management skills including requirements analysis, project scoping, problem-solving, status reporting, technical analysis, and meeting tight deadlines
Strong technical consulting skills including making recommendations in both written and oral form, leading training for clients and peers, understanding client work practices, and showing initiative when confronted with urgent and complex technical dilemmas
Strong collaborative and communication skills including working with internal cross-discipline teams, vendor engineering resources, and client technical leads
Strong leadership skills and the ability to work effectively with business managers, IT engineering, and IT operations staff
Experience in security technologies (IPS, anti-virus, firewall, etc.)
Security Planning, Installation, and Administration (3-5 Years)
IPS, Anti-Virus, Logging, Vulnerability Management (3-5 Years)
Knowledge of network infrastructure, including routers, switches, firewalls, and associated network protocols and concepts highly desired (3-5 Years)
Experience with security design and implementation
Knowledge of best practices for security and compliance (NIST, ISO, PCI, SOX)
Web application experience preferred
Demonstrate effective decision-making, problem-solving, analytical, and communication skills
Must possess a high level of initiative and self-motivation
Ability to work independently and effectively building partnerships to facilitate the accomplishment of goals
Strong organizational/time-management skills
Effective at planning and leading meetings to accomplish stated goals and objectives