Senior Security Engineer Engineering - Indianapolis, IN at Geebo

Senior Security Engineer


Essential Functions:
Help to set strategic direction for information security initiatives, processes, and standards.
Establish enterprise architecture standards, processes and procedures based on industry standards.
Research, evaluate, and drive next-generation security technologies and concepts to keep supported enterprise security architecture ahead of the curve.
Build relationships and collaborate with IT functional areas to ensure all visions are aligned and in compliance with the enterprise information security program.
Conduct and attend project meetings to provide security and governance input throughout project lifecycles.
Consult with decision-makers in the areas of secure network design, access/authentication controls, IaaS (Infrastructure As A Service) and others.
Coordinate the creation and annual review of disaster recovery (DR) and business continuity plans (BCP), and consult with the Infrastructure team on IT solutioning for business continuity.
Create, refine, deliver, and evangelize information security standards to be used throughout the enterprise that balance business needs and external requirements.
Ensure through creation or delegation that all security-related documentation is complete, current, and stored appropriately.
Analyze enterprise-wide development needs and management of an architecture governance process.
Autonomously prepare reports and audit-finding remediation plans in response to internal audits, penetration tests or vulnerability scans.
Report to executive team on the effectiveness of data security as implemented by internal and external business partners and make recommendations for the adoption of new procedures or controls.
Participate in security event investigations producing Incident Response Documentation and ensure corrective actions are implemented.
Create end-to-end security solutions involving a mix of technical and organizational requirements.
Monitor changes in the legislative, regulatory, and contractual landscape to ensure that the information security program adapts to meet the objectives of the business.
Must maintain confidentiality at all times.
Also includes other duties or responsibilities that management may deem necessary to meet the goals of the security program.
Required Education, Knowledge, and Experience:
Bachelor's Degree in Cyber Security, Information Technology or related field.
Minimum of 10 years of IT-related work experience in large, complex technical environments.
Demonstrable experience designing or managing an Enterprise IT security and compliance program.
Strong understanding of security tenets, such as encryption/key management, network design, access control and incident containment.
Demonstrated achievement in industry certifications such as penetration testing, vulnerability management, event monitoring and triage, incident response, forensics analysis, threat hunting, and security architecture.
Knowledge of the intricacies related to National Institute of Standards and Technology (NIST) best practices, the SANS Institute's ten security domains, Payment Card Industry Data Security Standard (PCI DSS) and state privacy laws.
Ability to maintain strict confidentiality.
Excellent written and verbal communication skills, including the ability to interact with executive leaders.
Ability to think analytically and creatively.
Ability to look at all situations objectively.
Demonstrable experience in policy and standards creation, acceptance and enforcement.
Preferred qualifications include:
Experience in other parts of IT as an administrator or engineer in a non-security role.
Experience with hosted and cloud services, especially Software-as-a-Service (SaaS) and Platform-As-A-Service (PaaS), and the related security implications and control approaches with an emphasis on hyper-converged systems.
Thorough understanding of risk management principles and processes.
Industry certifications, such as Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), GIAC Security Essentials (GSEC), Certified Information Security Manager (CISM), etc.
Physical, Mental Requirements and Work Environment:
View computer monitor for an extended period of time.
Sitting for long periods of time.
Listening and talking.
Extended period of keyboard usage.
Engineering services delivered as part of both time and materials work and project work (including assisting with internal projects as necessary).
Demonstrate the ability to prioritize and manage competing demands and tasks, and successfully manage multiple engagements that may require additional resources.
Equal Opportunity Employer - Disability and Veteran
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)
Recommended Skills: Access Controls, Architecture, Auditing, Business Requirements, Certified Information Security Manager, Certified Information Systems Security Professional
Estimated Salary: $20 to $28 per hour based on qualifications.
