About the Company: The Information Security and Compliance Team are responsible for analyzing the technology based security risks in our environment and maintaining a robust security posture that aligns with our corporate risk profile and compliance objectives. This position serves as an internal Information Security Engineer that will assist in designing, implementing, supporting and maintaining, security solutions and policies for Corporate and Cloud hosted environments.
The Information Security Engineer will perform ongoing security operations tasks and help engineer security solutions across the enterprise. The Information Security Engineer will investigate and respond to incidents escalating as necessary. This position demands an organized, detail oriented team player with the ability to prioritize tasks and support multiple initiatives simultaneously; strong technical ability and excellent communication is required.
- Monitor and analyze systems for indication of security incidents.
- Initiate security incident handling procedures and create incident handling reports.
- Perform log correlation and analysis.
- Provide engineering, maintenance and reporting for various security tools including vulnerability scanners, SIEM, UTMs, HIDS, etc.
- Provide audit support with respect to technical controls and their implementation and efficacy.
- Create tooling and automation to make common tasks more efficient.
- Support continuous monitoring programs in Cloud and Corporate environments to ensure control activities are operating effectively.
- Document security processes and operational tasks as needed.
- Interface and coordinate activities associated with legal holds.
Share This Position:
- B.S. in Computer Science, Management Information Systems or similar discipline (minimum GPA 3.0).
- Experience with engineering enterprise-grade security solutions.
- Prior experience with SOX ITGC compliance and/or other regulatory frameworks.
- Demonstrated incident response and handling capabilities.
- Ability to make decisions independently based on sound analysis and proactively escalate events as necessary.
- Solid understanding of identity management, authorization and authentication technologies and solutions.
- Application and web security knowledge.
- Network security solutions to include NGFW, IDS/IPS, network and host-based forensics.
- Capable of leading vulnerability assessment and remediation efforts.
- PowerShell scripting and WMIC expertise.
- Email security gateway administration experience.
- Experience with endpoint security threat monitoring and detection.
- Security certifications desired (CISSP, GIAC, etc.).
- 5-10 years’ experience in IT security.