Company Confidential
Responsibilities:
- Evaluate, design, implement, operate, and maintain information security technologies, including:
- Firewalls, Intrusion Prevention Systems, Email Security Gateways, Web Security Gateways, Web Application Firewalls, Vulnerability Management Tools, Security Incident and Event Management Systems, Anti-Malware Solutions, Remote Access VPNs, and Encryption technologies;
- Provide 24×7 on-call support for IT security infrastructure on a rotational basis;
- Evaluate, design, and implement technical and procedural controls to assure the client’s compliance with relevant laws, regulations, policies, and standards;
- Analyze and respond to real-time and archived intrusion, vulnerability, and audit data;
- Perform risk assessments on IT products and services and make appropriate recommendations;
- Develop and implement security test plans, compensating controls, policies, and procedures;
- Maintain awareness of up-to-date threat and vulnerability profiles, including related countermeasures;
- Protect the client’s information assets by proactively identifying and mitigating risk;
- Execute IT security projects and tasks with minimal oversight;
- Perform other related duties as assigned.
Desired Skillset:
– 5+ years of experience in information security engineer role / 7+ years of experience in IT;
– Experience executing IT projects with minimal oversight;
– Information security certification (CISSP, CISA, GSEC, CEH, etc.);
– B.S. in Computer Science (or related field) or 10 years of experience
– Experience applying information security standards and frameworks from NIST, CIS, ISACA, etc.;
– Extensive experience administering and securing Windows workstations and servers (certification preferred);
– Extensive experience troubleshooting network, software, and hardware issues;
– Expert-level knowledge of a wide range of core security technologies, including most if not all of:
- Network Vulnerability Testing Tools (ex. Nessus, Retina, NeXpose, etc.),
- Security Incident and Event Management (SIEM) Systems (ex. LogRhythm, ArcSight, etc.),
- Web Security Gateways (ex. Websense, Blue Coat, etc.),
- Firewalls (Check Point experience and certification preferred),
- Intrusion Prevention/Detection Systems (IPS/IDS),
- Email Security Gateways (anti-spam systems),
- Antivirus Software (ex. SEP),
- Malware Removal Tools (ex. Malwarebytes),
- Remote Access VPNs, and
- Encryption solutions;
– Familiarity with a wide range of standard concepts and protocols along including their security implications,
- Examples: TCP/IP, DNS, DHCP, NTP, HTTP, FTP, SSH, TLS/SSL, IPsec, RADIUS, Kerberos, LDAP, SNMP, SQL, OSPF, BGP, VLAN, 802.1x, 802.11, VPN, NAT, and PKI;
– Experience with information security compliance audits (ex. PCI, SOX, HIPAA, NERC, FISMA, etc.);
– Familiarity with and experience securing UNIX/Linux servers;
– Familiarity with and experience securing network infrastructure;
– Familiarity with and experience securing SQL Server and Oracle databases;
– Familiarity with and experience securing web-based applications;
– Experience deploying and configuring application security technologies, including:
- Web Application Firewalls (ex. Imperva, Barracuda WAF, etc.),
- Application Vulnerability Testing Tools (ex. AppScan, Burp Suite, etc.), and
- Application Whitelisting solutions (ex. Bit9, AppLocker, etc.);
– Experience drafting reports for and presenting to executive-level audiences;
– Experience developing security awareness training materials
– Scripting experience (Bash, Python, etc.)
– Penetration testing experience
To apply for this job email your details to Info@princetonstaffingsolutions.com