GENERAL DESCRIPTION OF POSITION
The Information Security Engineer is responsible for supporting applications used by Information Security including automation, security architecture, and other critical functions.
ESSENTIAL DUTIES AND RESPONSIBILITIES
1. Manage the applications and infrastructure specific to the Information Security teams, and ensure functionality and uptime meets operational needs.
2. Assist in designing and implementing an automation strategy for Information Security, including the selection and maintenance of automation platforms.
3. Execute the vulnerability management program, determining criticality of patches and working with Information Security Governance team to monitor compliance.
4. Manage Discovery and Data Loss Prevention security analytics platform and partner with stakeholders to develop the strategy for this environment to support future needs.
5. Ensure security tools are updated to reflect a complete, accurate and valid inventory of all systems, infrastructure and applications.
6. Conducts vulnerability assessments and other security reviews of systems to ensure remediation based on the risk profile of the asset.
7. Reviews and recommends improvements to company security posture leveraging concepts such as network segmentation, resilient authentication, least privileged access, privacy by design, etc.
8. Develop and maintain security architecture artifacts (models, templates, standards and procedures) that can be used to leverage security capabilities in projects and operations.
9. Participate in application and infrastructure projects to provide security planning advice.
10. Determine baseline security configuration standards for operating systems (e.g., operating system hardening), network segmentation, and other technologies.
11. Develop standards and practices for data protection within the company, including technologies such as encryption and tokenization.
12. Track developments and changes in the technology and threat environments to ensure that these are adequately addressed in security strategy plans and architecture artifacts.
13. Advocate security best practices and share insights with stakeholders in a variety of areas (secure coding, architecture, system/app administration, system hardening, etc.) and recommend changes to enhance security and reduce risk..
14. Participate in the Vendor Due Diligence process as needed to conduct security assessments of existing and prospective vendors.
15. Assists in e-discovery procedures when necessary.
16. Provide support and guidance for legal and regulatory compliance efforts, including audit support.
17. Assist in defining metrics and reporting that effectively communicate performance and maturity of the security program.
18. Assist Information Security leadership in developing strategy and roadmaps for Security team.
19. Complete required BSA/AML training and other compliance training as assigned.
20. The ability to work in a constant state of alertness and in a safe manner.
21.Perform any other related duties as required or assigned.
QUALIFICATIONS
To perform this job successfully, an individual must be able to perform each essential duty mentioned satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required.
EDUCATION AND EXPERIENCE
Technical degree required in such disciplines as Computer Engineering, CPA, etc., plus 6 years related experience and/or training, and 2 years related management experience, or equivalent combination of education and experience.
COMMUNICATION SKILLS
Ability to read a limited number of words and recognize similarities and differences between words and between series of numbers; ability to write and speak simple sentences as a means for basic communication. Ability to read and understand simple instructions, short correspondence, notes, letters and memos ability to write simple correspondence. Ability to read and understand documents such as policy manuals, safety rules, operating and maintenance instructions, and procedure manuals; ability to write routine reports and correspondence. ability to effectively communicate information and respond to questions in person-to-person and small group situations with customers, clients, general public and other employees of the organization. Ability to read, analyze, and understand general business/company related articles and professional journals; ability to speak effectively before groups of customers or employees. ability to write reports, business correspondence, and policy/procedure manuals; ability to effectively present information and respond to questions from groups of managers, clients, customers, and the general public. Ability to read, analyze, and understand common scientific and technical journals, financial reports, and legal documents; ability to respond to complex or difficult inquiries or complaints from customers, regulatory agencies, or members of the business community.
MATHEMATICAL SKILLS
Ability to calculate figures and amounts such as discounts, interest, commissions, proportions, percentages, area, circumference, and volume. Ability to apply concepts such as fractions, ratios, and proportions to practical situations.
CRITICAL THINKING SKILLS
Ability to apply principles of logical or scientific thinking to a wide range of intellectual and practical problems. Ability to deal with nonverbal, logical or scientific symbolism such as formulas, scientific equations, and graphs. Ability to deal with a variety of abstract and concrete variables.
REQUIRED CERTIFICATES, LICENSES, REGISTRATIONS
Minimum, 1 certification in cybersecurity such as CISSP, CISM, or Azure Security Engineer Associate, or ability to obtain within 6 months.
PREFERRED CERTIFICATES, LICENSES, REGISTRATIONS
Microsoft Information Protection Administrator SC-400
Administering Information Security in Microsoft 365 SC-401
Information Systems Security Architecture Professional (ISSAP) ISC2
Certified Cloud Security Professional (CCSP) ISC2
SOFTWAR