Job description
Position Summary:
The security engineer provides support to ensure applicable information protection policies, procedures, guidelines, best practices are followed. Performs Security Risk Assessments (SRAs) and performs compliance reviews to ensure applications and servers are operating in accordance with established policies and procedures. Educates stakeholders in the assessment process and lead both pre- and post-assessment meetings. Analyzes and explains the security vulnerabilities found during the assessment process and provide guidance on acceptable remediation actives to the program/project team. Works with senior system engineers to ensure that capabilities will be integrated into the developed systems including requirement validation, architecture and design, and producing appropriate documentation. Sets and provides technical guidance and direction to security engineering team involved in system security engineering activities across a system of systems and defines, implements, and enforces system security engineering processes to be applied to multiple projects by the security engineering team. Ensures program compliance to information sharing initiatives, identity & privacy (PII) issues, information security and assurance policies, and federal guidance and standards.
RESPONSIBILITIES
- Develop and maintain the IT security Incident Response Program
- Adhere to existing risk management frameworks, such as NIST 800-171, 800-53, CMMC, etc.
- Develop business process mapping for implementation of security policies and standards throughout enterprise
- Ensure security of customer endpoints utilizing latest technologies focused on malware, threat detection, and behavior analysis
- Develop process flows and mapping of security architecture components as part of an enterprise architecture.
- Analyze output from network vulnerability assessments and recommend mitigation strategies;
- Review and provide feedback on security plans and procedures regarding all aspects of LAN, WAN or MANs, as applicable;
- Assist in designing security products to include firewalls, intrusion detection systems, antivirus, patch management, etc.;
- Configure alerting mechanisms to allow for fast resolution of incidents. Especially SolarWinds™
- Review and provide input into network designs to ensure compliance with security and enterprise architecture;
- Provide input and visibility into emerging security technologies, deployment strategies and other security protocols to ensure awareness within the IT security branch.
- Build/enhance security architecture and configure network to enhance the security posture of the enterprise
- Develop and/or implement automated security testing tools where possible.
- Implement protective measures and respond to alerts regarding suspected phishing, CaSB or DLP information sharing violations, and staff, faculty or student account anomalies.
- Become escalation point for desktop support teams in regards to IT security related incidents
- Train desktop support staff in regards to best cyber security practices.
- Provide forensic analysis support in the case of any cyber security incident.
- Provide security input on overall software architecture.
- Liaison with compliance teams for internal and external software compliance efforts.
- Performs hands-on testing of applications, as well as build and enforce information risk management requirements and structure, including providing practical secure architecture skills and developing and implementing Information Security best practices
MINIMUM QUALIFICATIONS, KNOWLEDGE, SKILLS, AND ABILITIES:
Formal Education & Certification
- Bachelor’s degree in Information Technology, Computer Sciences or equivalent. Master’s degree desirable
- Highly desirable to hold one or more of the following certifications:
- GSEC
- CISSP
- CISA
- Security +
Knowledge & Experience
- 8 years or more of professional experience with 4 or more years in IT security.
- Must have the knowledge of IT security technologies such as firewalls, intrusion detections systems, antivirus, patch management, etc, and the interest and experience to work on security policy and architecture.
- Experience in engineering and operational roles (a plus if both roles at the same time).
- Familiar with DHS and NIST security policy and be able to review against security architecture technical requirements.
- Intermediate to advanced knowledge of information security concepts.
- Knowledge of network architecture and design, network Security, wireless Security and client/server security. Very strong computer networking skills (TCP/IP, Ethernet, etc.) and understanding of networking protocols.
- Security of virtual machine environments is highly desirable.
- Knowledgeable about deployment of wireless LAN and wireless IDS
- Knowledge of vulnerability assessment/network discovery and associated tools
- Understands infrastructure monitoring
- Knowledge of securing Linux/Unix, Mac OS X, and Windows systems.
- Experience with various types of firewalls and technologies.
- Experience with identity management solutions including password policy, authentication methods, Single Sign One (SSO), and Multi-factor Authentication (MFA).
- Demonstrated process improvement experience
Skills & Abilities
Basic skills needed include:
- Endpoint Security Solutions
- Risk management and security risk assessments
- Splunk or other SIEM tools
- Forensic Analysis
- Authentication and authorization, SSO, and MFA
- Enterprise aware (change control, downstream impacts, understanding of cause and effect, change windows, etc.).
- Recognized as a strategic thinker and is results oriented.
- Demonstrated effective strong team player and self-motivator. Ability to work and interface internally with a IT and other functional support groups with minimal guidance.
- Demonstrated successful experience in a customer-facing role.
- Demonstrated communicator both written and verbal, with effective presentation delivery and meeting facilitation.
- Demonstrated effective time management, organizational and documentation skills.
- Good analytical and troubleshooting skills.
colinoncars.com is the go-to platform for job seekers looking for the best job postings from around the web. With a focus on quality, the platform guarantees that all job postings are from reliable sources and are up-to-date. It also offers a variety of tools to help users find the perfect job for them, such as searching by location and filtering by industry. Furthermore, colinoncars.com provides helpful resources like resume tips and career advice to give job seekers an edge in their search. With its commitment to quality and user-friendliness, colinoncars.com is the ideal place to find your next job.