Information Security Engineer

Company Confidential

Primary Duties and Responsibilities (details of the basic job functions):

Provide support to information technology staff and work closely with information technology leadership to develop and implement a comprehensive information security program.  This includes defining security policies, processes and standards.   Work within the IT department to select and deploy technical controls to meet specific security requirements, and defines processes and standards to ensure that security configurations are maintained.   Lead the installation/configuration of boundary control and security monitoring technologies to maintain the confidentiality, integrity and availability of company information.  Provide support for applications as they relate to security functions and collaborate on IT projects to ensure that security issues are addressed throughout the project life cycle.  Review data requests for information access and determines appropriate security action.  Support data encryption deployments, including key management.  Monitor internal control systems to ensure that appropriate information access levels and security clearances are maintained and reports unresolved network security exposures, misuse of resources or noncompliance situations using defined escalation processes.  Collate security incident and event data to produce monthly exception and management reports.
Qualifications:

Required Qualifications (these are the minimum requirements to qualify):

Education:
Bachelor degree in Computer Science, Information Systems, Business Administration and/or equivalent security certification (CISSP, SSCP, GIAC, CEH, etc).
 
Extensive experience in/with:
  • Performing installation and configuration management of security systems and applications, including: policy assessment and compliance tools, network security appliances and security systems.
  • Reporting unresolved network security exposures and misuse of resources or noncompliance situations using defined escalation processes.
  • Developing and maintain documentation of security systems and procedures.
  • Responding to security incidents and escalating security incidents as appropriate.
  • Monitoring system logs, SIEM tools and network traffic for unusual or suspicious activity and interprets and make recommendations for resolution.
  • Assisting in coordination of remediation required by audits, and document exceptions as necessary.
  • Researching threats and vulnerabilities and, where appropriate, take action to mitigate threats and remediate vulnerabilities.
  • Conducting penetration tests and vulnerability assessments on information systems and infrastructure.
  • Monitoring security vulnerability information from vendors and third parties.
  • Assisting in security investigations and compliance reviews, as requested by internal or external auditors.
  • Assisting in the development of security architecture, policies, principles and standards.
  • Researching, evaluating, designing, testing, recommending and planning the implementation of new or updated information security technologies.
 
Skills:
  • Strong team-oriented interpersonal skills, with the ability to effectively interface with a broad range of internal/external contacts and roles, including vendors and IT-business personnel.
  • Excellent presentation, persuasion, written and interpersonal skills to include procedure and technical material, report/proposal preparation and oral presentation.
  • Strong analytical skills to analyze security requirements and relate them to appropriate security controls.
Technical knowledge of:
  • Mainstream operating systems [for example, Microsoft Windows and Red Hat Linux] and a wide range of security technologies, such as network security appliances, identity and access management (IAM) systems, anti-malware solutions, automated policy compliance tools, and desktop security tools.
Working knowledge of:
  • Network security technologies (e.g. SIEM, DLP, Firewalls, IDS, IPS, Web Application Firewalls, Load Balancers, Web Filtering proxies, Email Gateways, along with routing and switching fundamentals)
  • Risk assessment, threat and incident management methodologies.
  • Network infrastructure, including routers, switches and the associated TCP/IP network protocols and concepts.
  • Regulatory requirements such as PCI, FFIEC and Gramm-Leach-Bliley Act.
  • Governing security best practices such as NIST and CIS.

 

To apply for this job email your details to Info@princetonstaffingsolutions.com