Information Security Engineer
Salary Range : $115k to $135k
Job Summary
The Information Security Engineer II will play a crucial role in safeguarding the company's assets and ensuring the confidentiality, integrity, and availability of our information systems and data.
The Information Security Engineer II will play a pivotal role in the design, implementation, and maintenance of multiple security solutions.
In addition, the Information Security Engineer II will work closely with other teams to promote secure designs and practices across the company to mitigate risks and meet business objectives and regulatory requirements.
Essential Functions Security Roadmap Ability to guide the organization in the development of the Security Program Roadmap.
- Contribute to the development of the Security Program Roadmap
- Develop an understanding of the organizational risk profile, organizational threats, and 3rd party compliance requirements
Security Engineering - Architects and implements security technologies.
- Assist with identifying potential security technologies and researching their capabilities.
- Contributes to the design and implementation of security solutions
- Contributes to identifying migration / upgrades for end-of-life technologies
- Recommend security improvements to management
- Administer security tools and troubleshoot issues that arise
Threat Management - Ability to understand security threats and their risk to the organization.
- Contribute to the research of new and existing security threats and provide input to their potential risk to the environment
- Understands the anatomy of a breach and provides assistance with investigations
Security Governance - Establish and maintain self-audits, policies, and procedures to provide assurance that information security strategies are aligned with applicable laws and regulations through adherence to internal controls.
- Propose areas for "self-audits" based on security assessments and / or new technology deployments
- Propose security policies or procedures based on security assessments and / or new technology deployments
Supplemental Duties and Responsibilities
- Serve as technical liaison with vendors
- Pursues training and development opportunities; strives to continuously build knowledge and skills
- Assist personnel in other technology departments to resolve technical and / or application issues
- Participate and assist in the coordination of both internal and external audits
- Other duties as requested
Required & Preferred Qualifications
- Bachelor’s Degree or equivalent work experience in a related field required
- 3+ years’ experience in an Information Security role with responsibilities in assessing application and infrastructure architectures for security threats and vulnerabilities, strongly preferred Alternatively, 5+ years’ in a Senior level network / systems role with a strong focus on Security, required
- Must be self-motivated and able to work independently, with minimal supervision and as part of a team
- Hands-on experience with security infrastructures (e.g. Firewalls, IDS / IPS, VPN, Secure Email Gateways, Web Content Filters, Proxies, DLP, SIEM) required
- Solid foundational understanding of networking concepts required
- Professional security management certification, such as a ISC(2) Certified Information Systems Security Professional (CISSP), SANS GIAC Information Security Professional (GISP), CompTIA Security+, CompTIA Network+, highly desirable
- Knowledge and experience with common information security management frameworks and best practices, specifically the National Institute of Standards and Technology (NIST) frameworks and Center for Internet Security (CIS) Critical Security Controls, highly desirable
- Understanding of cloud security concepts (SaaS, PaaS, IaaS), mobile architecture, network and application security and / or data protection, preferred
- Experience implementing security concepts with at least one major IaaS vendor is preferred
- Detail oriented with excellent interpersonal communication skills
- Expected to effectively partner and collaborate with other teams on an ongoing basis
- Strong conceptual thinking and communication skills - the ability to translate medium complexity business and technical requirements into effective solutions
- Strong organizational skills and ability to multi-task in an enterprise business environment
- Ability to manage / track completion of multiple ongoing projects and remediation tasks
- Proficient technical documentation skills
- Strong written, verbal and presentation communication skills and ability to communicate at all levels within an organization