Information Security Engineer

Qualifications:

• Performing installation and configuration management of security systems and applications, including: policy assessment and compliance tools, network security appliances and security systems.
• Reporting unresolved network security exposures and misuse of resources or noncompliance situations using defined escalation processes.
• Developing and maintain documentation of security systems and procedures.
• Responding to security incidents and escalating security incidents as appropriate.
• Monitoring system logs, SIEM tools and network traffic for unusual or suspicious activity and interprets and make recommendations for resolution.
• Assisting in coordination of remediation required by audits, and document exceptions as necessary.
• Researching threats and vulnerabilities and, where appropriate, take action to mitigate threats and remediate vulnerabilities.
• Conducting penetration tests and vulnerability assessments on information systems and infrastructure.
• Monitoring security vulnerability information from vendors and third parties.
• Assisting in security investigations and compliance reviews, as requested by internal or external auditors.
• Assisting in the development of security architecture, policies, principles and standards.
• Researching, evaluating, designing, testing, recommending and planning the implementation of new or updated information security technologies.

• Strong team-oriented interpersonal skills, with the ability to effectively interface with a broad range of internal/external contacts and roles, including vendors and IT-business personnel.
• Excellent presentation, persuasion, written and interpersonal skills to include procedure and technical material, report/proposal preparation and oral presentation.
• Strong analytical skills to analyze security requirements and relate them to appropriate security controls.

• Mainstream operating systems [for example, Microsoft Windows and Red Hat Linux] and a wide range of security technologies, such as network security appliances, identity and access management (IAM) systems, anti-malware solutions, automated policy compliance tools, and desktop security tools.

• Network security technologies (e.g. SIEM, DLP, Firewalls, IDS, IPS, Web Application Firewalls, Load Balancers, Web Filtering proxies, Email Gateways, along with routing and switching fundamentals)
• Risk assessment, threat and incident management methodologies.
• Network infrastructure, including routers, switches and the associated TCP/IP network protocols and concepts.
• Regulatory requirements such as PCI, FFIEC and Gramm-Leach-Bliley Act.
• Governing security best practices such as NIST and CIS.

Ability to:

• Contribute and collaborate as a team member.
• Work proactively and independently.

Knowledge of Security concepts and ability to apply them to business processes (concept of least privilege, handling of contractor access, concept of locking down, integration/production environments), etc.