Network Security Engineer

Location: Boston office 3 days per week. and 2 days a week remote

Job is 80% security and 20% networking.

Requirements:

Infrastructure experience based on job description

Network experience based on job description, and

1-2 years of security engineer experience.

Must understand the fundamentals of what cloud such as Azure functions, and be able to give security insights.

Candidates must understand how to approach a system as such from a security perspective.

Windows experience but not Linux.

Must understand firewalls in general and how to analyze from security perspective.

RESPONSIBILITIES – Security core functions:

Vendor Management and Security Oversight:

Observe and respond to alerts from eSentire, Mimecast, 365, Digital Guardian, Jira, and Masergy, collaborating with outsourced SOC to contain and remediate issues.

Maintain list of Third-Party Vendors and Security Documentation for each vendor

Work with other IT departments to vet security configurations of third-party products

Continuous Monitoring of Security incidents in the wild with all vendors associated with MG+M.

Managing, Summarizing, and Inventory of all OCG for clients and Insurers

Security Infrastructure Management:

Evaluate, architect, build, and support security infrastructure, including IPS/IDS, EDR, Vulnerability Scans, Data Loss Prevention, SIEM, NAC, DUO MFA, and systems.

Configure network security monitoring functions and provide detailed reporting.

Continuously building documentation for all systems

Vulnerability Management and Incident Response

Run vulnerability evaluations of protocols, hardware, and software, working with vendors to address identified vulnerabilities.

Continuously remediate vulnerabilities found in scans and works with other IT teams to remediate vulnerabilities in a timely fashion.

Assist with security incident response efforts, following the Incident procedures: Identify, Protect, Detect, Respond, Recover.

Field service desk tickets in response to end user security incidents

Compliance and Training:

Uphold policies reflected in the Information Policy Suite documents, ensuring client and team compliance.

Perform analysis of vulnerability data, improve remediation strategies, and spread security awareness through internal communications.

Assist on conducting yearly penetration testing, review results, and provide recommendations for improvement.

Assist on Gathering evidence for Internal and External Audits

Assist on Cyber security Training efforts for the firm.

RESPONSIBILITIES – Networking core functions:

Network Security Troubleshooting and Support:

Act as an escalation-level engineering resource responsible for the network security of all technology platforms.

Troubleshoot all aspects of the technology platform, including integration with Windows-10, Citrix, VPN, Office 2016, O365, Azure, and mobility.

Security Infrastructure Configuration:

Install, configure, and maintain a variety of network security services, including WAN circuitry, routers, firewalls, and other security devices.

Assist in ensuring disaster recovery and business continuity plans are in place and tested.

Collaboration and Compliance:

Work collaboratively with the Infrastructure Team and Consultants to configure security in the AZURE/O365 environment.

Adhere to Microsoft best practices, track, and report Microsoft tickets as needed.

Assist Information Security manager with vendor onboarding and offboarding processes.