|Published||May 4, 2022|
Job Summary The Senior Information Security Engineer is responsible for supporting Company s information security program. This position requires a thorough understanding of current and emerging threats and technologies. In addition, this position is responsible for designing and deploying information security technologies to directly support the organization s efforts in securing the company s information and enforcing directives as mandated by regulations and Company policy. Duties Responsibilities Serve as subject matter expert on various special projects and initiatives within the organization. Lead the planning, design, documentation, and implementation of security solutions across the enterprise. Promote acceptance of security technologies within the organization, balancing business goals, security controls, and customer usability. Design, review and update information security policies, standards, procedures, and other related documentation. Responsible for providing guidance on security tool configuration, daily maintenance of security tools, updating of antivirmalware monitoring tools, detection and response to security alerts, and other various information security measures. Ensure that security findings and issues are followed up on and closed out as needed. Perform root-cause analysis on Information Security related incidents and update procedures or other controls to stopmitigate future incidents as well as determine and implement enhancements to improve security in the future. Solve complex security-related problems and take a broad perspective to identify strategic solutions. Maintain broad knowledge of best practices and stay informed on trends and issues in the field of Information Security, including current and emerging technologies. Ensure users understand and adhere to necessary procedures to maintain security. Assists in the development and periodic review of security procedures to ensure we are in compliance with Information Security defined policies. Ensures systems and software configurations comply with Information Security Requirements, Policies, and Standards. Assist in troubleshooting and solving a wide variety of security issues. Promote security awareness and provide trainingcommunications to internal end-users. Perform other related duties as assigned or requested. Minimum Qualifications 8+ years of progressive work experience in information technologyinformation security or an equivalent combination of education and work experience. Must be organized, detail-oriented, deadline-driven, and able to handle multiple responsibilities in a fast-paced environment. Advanced knowledge of information security products and implementations, with an emphasis on design in the areas of networks, servers, endpoints, applications, databases, and integration. Advanced knowledge regarding common attacks, attack methods, and defense architectures. Advanced knowledge in security engineering, system and network security, authentication and security protocols, cryptography, and application security. Familiarity with common Information Security frameworks and standards and compliance and regulations such as ISO 27001, NIST, PCI DSS, HITRUST, HIPAA. Understanding of risk management principles and methodologies. Must possess superior problem-solving skills, be action-oriented and decisive. Excellent organizational skills and the ability to work under pressure to balance competing priorities in meeting business deadlines. Excellent written and verbal communication skills, as well as interpersonal skills including the ability to articulate to both technical and non-technical audiences. Self-motivated and able to perform with minimal supervision. Ability to collaborate in a team setting, as well as work independently. An understanding of organizational mission, values, and goals and consistent application of this knowledge. CISSP (Certified Information Systems Security Professional) certification is required. Preferred Qualifications Familiarity with privileged account management tools (e.g., CyberArk) is desired. Familiarity with vulnerability management tools (e.g., Tenable io) is desired. Familiarity with mobile device management (e.g., MobileIron, Intune) is desired. Familiarity with DUO multi-factor authentication is desired. Familiarity with Digital Guardian DLP is desired. Familiarity with Proofpoint Email Gateway is desired. Working knowledge of the Palo Alto Firewall is preferred. Working knowledge of the Palo Alto XDR is preferred. Identity Access Management (IAM) experience preferred. Cloud security experience preferred. Other security-related certification (e.g, GIAC, CISM, CISA, CEH, OSCP) is a plus. Education Bachelor s Degree in Computer Science, Engineering, MIS, Information Security, or related field of study or equivalent work experience.