We’re looking for an Information Security Engineer and Analyst for our Corporate IT Department. You will work as part of a team of experienced Engineers and Administrators reporting directly to the Senior Director of Technology Operations. You will help drive development, implementation, and monitoring of security policies, procedures, and governance. This includes (but not limited to) monitoring of server and firewall logs, scrutinizing network traffic, working with our MDR vendor, and troubleshooting. You will also analyze and resolve security breaches and vulnerability issues in a timely and accurate fashion, and conduct user activity audits where required.
What You’ll Do
- Work with operations and engineering staff to determine, recommend, and procure appropriate software, hardware, and tools that are required to secure the computing environment.
- Work with vendors and engineering to design, perform, and/or oversee vulnerability management scans and penetration testing of systems in order to identify system vulnerabilities. Contribute to the creation, delivery, and enforcement of information security plans, policies, principles, baselines, and standards
- Plan, recommend and implement awareness training of the workforce on information security standards, policies and best practices
- Investigate, analyze and participate incident response team with resolution of security incidents
- Work with operations, product teams and vendors to ensure monitoring of server logs, firewall logs, intrusion detection logs, and network traffic (wired & wireless) for unusual or suspicious activity, interpret and make recommendations for resolution
- Assess need for any reconfiguration needed for security in platforms and systems and drive the implementation of new standards across the organization as required
- Partner with the application and functional teams to facilitate and assist with the integration of security testing as part of the SDLC
- Measure, track and report the security risk, vulnerability, and remediation status
- Work with our internal communications team, to manage internal security campaigns, including presentations and the creation of collateral to support the effort.
- Aid in leading large scale security and compliance initiatives, including vendor selection and implementation of practices.
- As a change agent, able to lead others through influence and understanding.
The Skills and Experience You’ll Bring
- Highly self-motivated and directed
- Strong organizational skills and excellent attention to detail
- Degree in Computer Science or related field, or equivalent experience
- 5 years of information security work experience in deployment or governance
- General hands-on knowledge of firewalls, intrusion detection systems, endpoint protection, anti-virus software, data encryption, DLP, NAC, SEIM and other industry-standard techniques and practices
- Technical knowledge of network, server, and endpoint platform operating systems
- Technical knowledge of identity management and security technologies including Active Directory, Group Policy, ADFS, and Authentication protocols including Kerberos
- Prior experience managing and maintaining information related to PCI or SOX audits
- Knowledge of applicable practices and laws relating to data privacy and protection including CCPA and GDPR
- Ability to effectively prioritize and execute tasks in a fast-paced environment
- Knowledge security practices in cloud environments
- Knowledge of Authentication best practices while using Oauth and SAML providers.
- Knowledge of Checkpoint Firewalls
- Experience with SD-WAN technologies
- Knowledge of MDR/EDR Solutions
- Strong knowledge of the TCP/IP suite of protocols including but not limited to ICMP, DHCP, DNS, HTTP(S), and FTP
- CISSP – Certified Information Systems Security Professional
- CEH – Certified Ethical Hacker (CEH)
- CISM – Certified Information Security Manager (CISM)
- ISSAP – Information Systems Security Architecture Professional (ISSAP)
- ISSEP – Information Systems Security Engineering Professional (ISSEP)