Company Confidential


  • Evaluate, design, implement, operate, and maintain information security technologies, including:
    • Firewalls, Intrusion Prevention Systems, Email Security Gateways, Web Security Gateways, Web Application Firewalls, Vulnerability Management Tools, Security Incident and Event Management Systems, Anti-Malware Solutions, Remote Access VPNs, and Encryption technologies;
  • Provide 24×7 on-call support for IT security infrastructure on a rotational basis;
  • Evaluate, design, and implement technical and procedural controls to assure the client’s compliance with relevant laws, regulations, policies, and standards;
  • Analyze and respond to real-time and archived intrusion, vulnerability, and audit data;
  • Perform risk assessments on IT products and services and make appropriate recommendations;
  • Develop and implement security test plans, compensating controls, policies, and procedures;
  • Maintain awareness of up-to-date threat and vulnerability profiles, including related countermeasures;
  • Protect the client’s information assets by proactively identifying and mitigating risk;
  • Execute IT security projects and tasks with minimal oversight;
  • Perform other related duties as assigned.


Desired Skillset:

–    5+ years of experience in information security engineer role / 7+ years of experience in IT;

–    Experience executing IT projects with minimal oversight;

–    Information security certification (CISSP, CISA, GSEC, CEH, etc.);

–    B.S. in Computer Science (or related field) or 10 years of experience

–    Experience applying information security standards and frameworks from NIST, CIS, ISACA, etc.;

–    Extensive experience administering and securing Windows workstations and servers (certification preferred);

–    Extensive experience troubleshooting network, software, and hardware issues;

–    Expert-level knowledge of a wide range of core security technologies, including most if not all of:

  • Network Vulnerability Testing Tools (ex. Nessus, Retina, NeXpose, etc.),
  • Security Incident and Event Management (SIEM) Systems (ex. LogRhythm, ArcSight, etc.),
  • Web Security Gateways (ex. Websense, Blue Coat, etc.),
  • Firewalls (Check Point experience and certification preferred),
  • Intrusion Prevention/Detection Systems (IPS/IDS),
  • Email Security Gateways (anti-spam systems),
  • Antivirus Software (ex. SEP),
  • Malware Removal Tools (ex. Malwarebytes),
  • Remote Access VPNs, and
  • Encryption solutions;

–    Familiarity with a wide range of standard concepts and protocols along including their security implications,

  • Examples: TCP/IP, DNS, DHCP, NTP, HTTP, FTP, SSH, TLS/SSL, IPsec, RADIUS, Kerberos, LDAP, SNMP, SQL, OSPF, BGP, VLAN, 802.1x, 802.11, VPN, NAT, and PKI;

–    Experience with information security compliance audits (ex. PCI, SOX, HIPAA, NERC, FISMA, etc.);

–    Familiarity with and experience securing UNIX/Linux servers;

–    Familiarity with and experience securing network infrastructure;

–    Familiarity with and experience securing SQL Server and Oracle databases;

–    Familiarity with and experience securing web-based applications;

–    Experience deploying and configuring application security technologies, including:

  • Web Application Firewalls (ex. Imperva, Barracuda WAF, etc.),
  • Application Vulnerability Testing Tools (ex. AppScan, Burp Suite, etc.), and
  • Application Whitelisting solutions (ex. Bit9, AppLocker, etc.);

–    Experience drafting reports for and presenting to executive-level audiences;

–    Experience developing security awareness training materials

–    Scripting experience (Bash, Python, etc.)

–    Penetration testing experience

To apply for this job email your details to