The Security Engineer position defines, implements, and maintains security systems and processes to detect, access, and mitigate electronic threats to the companies computing environment. Works within the Information Security Team and the Information Systems department to assure compliance with State and Federal laws, PCI-DSS and organizational policies and standards. Evaluates external information from providers as it relates to the threat posture of the company. Provides technical information security leadership companywide in the assessment, planning, design, and implementation of appropriate information security architecture, processes, products, controls, and/or projects requiring significant or advanced expertise. Supports the core functions of security operations team. Oversees internal and external vulnerability and penetration tests. Provides security guidance and consultation to other company areas as requested.
Principal duties and responsibilities:
- Provides analytical and technical security recommendations to other team members, oversight boards, and clients. Identifies requirements, based upon need or as the result of a security issue that puts organizations systems at risk.
- Perform network penetration, web application testing, source code reviews, threat analysis, wireless network assessments and social engineering assessments
- Meets with clients and management to help specify and negotiate application security requirements, reviews current policies and procedures for applicability, and system OS security patch levels, and ensures safe transition of applications to production
- Develops technology to automate security monitoring
- Develop, debug, test and support the certification process
- Create, maintain, and document security baselines
- Evaluate and recommend secure remote configurations
- Active member in technical workgroups to recommend effective security configurations and architecture
- Liaison to the Enterprise Architect, WAN, LAN, and Enterprise Management Teams to effectively communicate and architect security solutions
- Develops documentation to support ongoing security systems operations, maintenance and specific problem resolution
- Works with and coordinates appropriate IT staff to implement solutions which will meet or exceed customer expectations
- Provide risk analysis for vulnerabilities, incidents and change requests
- Functions as technical lead during a security incident response
- Ability to sit for long periods of time.
- Ability to type for long periods of time.
- This position is full time. Employee is expected to work 40 hours weekly.
- Schedule will be determined by the supervisor. Employee is expected to follow the schedule.
- Employee is to report to his or her supervisor if unable to attend work.
- Well versed in the information security issues affecting financial service organizations and cloud based application service providers.
- Web application penetration testing experience identifying architectural design weaknesses from analyzing a web application
- Implementing PKI components in a network, application and architecture and authentication capabilities of Windows, UNIX, Linux, Apple and middleware
- Experience with database technologies, architectural reviews and PCI-DSS.
- Specific Security related experience included Data-at-rest encryption, certificate validation, IDS/IPS, Firewalls, SEIMs and Log Management, syslog analysis, HTTP and TCP/IP analysis, and vulnerability assessment to include; cross-site scripting, SQL injection, cross-site request forgery, HTTP response splintering, the OWASP Top 10 and SANS Top 25.
- Bachelor degree in information security, information assurance, computer science, management information systems, computer information systems, or a related discipline.
- Possess at least one of the following professional designations (or one of similar stature):
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
- Certified Information System Auditor (CISA)
- Certified Information Security Manager (CISM)
- Certified in the Governance of Enterprise Information Technology (CGEIT)
- Demonstrated excellent interpersonal skills.
- Ability to interface effectively with all levels of employees/management.
- Ability to stay focused to ensure that projects are completed accurately and on time.
- Demonstrated excellent organizational skills
- Ability to prioritize and complete multiple interdepartmental tasks in a timely fashion.
- Excellent verbal and written communication skill.
|• FLSA: Exempt
• Medical Insurance
• Dental Insurance
• Vision Insurance
• $50,000 Life Insurance
|• Unlimited use bus/light rail passes
• Free lunch on weekdays (5 full-time chefs)
• Paid Time Off
• Discounted gym membership
• Company sponsored outings