Sr Governance, Risk, and Compliance Engineer

Job Summary:
The position has extensive knowledge of information security, sets the overall direction for information security systems, and protects company information systems and assets by analyzing security events and testing systems to prevent potential threats. Evaluates security systems against industry standards and best practices to identify what needs to be included in systems. Works with technology vendors for proof of concept and during technology evaluations. Makes recommendations for technology purchases and architectural changes. Manages communication with other technical business units to see projects through execution. Mentors and coaches junior engineers.

Job Description:

Key Responsibilities:

  • Studies and interprets past security events and current security threats to improve security defenses; develops and implements new tools and processes based on findings.
  • Consults on information security best practices based on research and analysis of company technical initiatives in order to mitigate risk.
  • Oversees the evaluation and implementation of new security technology and toolsets to ensure optimal security posture.
  • Communicates developing security threats associated with specific business-related data exchanges and connectivity to senior leadership.
  • Influences direction for protecting the company’s data assets by sharing security expertise with other technology departments.
  • Oversees security awareness programs; educates and communicates information security policies, procedures, and practices to staff.
  • Designs security models, reviews and approves security configuration and installation of firewall, VPN, routers, IDS scanning technologies, and servers.
  • Participates in the development of hardware/software/network security procedures and guidelines that support information security policies.
  • Monitors industry security updates, technologies and best practices to improve security management.
  • Provides recommendations on mitigating or removing vulnerabilities within IT systems, while administering firewall components and implementing daily network support.

Qualifications:

Minimum Qualification:

  • Bachelor's degree in Computer and Information Science, Computer Engineering, Information Security, Networking, or a related field, or foreign equivalent, or suitable combination of education, experience and training; plus 4 years of experience in Security Operations or Information Technology.
  • Two years’ experience with Vulnerability Management, Application Scanning (DAST and SAST), Application Security Testing, Secure coding as part of CIC Pipeline; Network Security, Client Security, Server Security, Cloud Security, Email Security, Penetration Testing, Web Proxy WAF (Web Application Firewall), and Security Vendor Evaluations.
  • Two years’ experience using technologies such as: Rapid7 Metasploit, Rapid7 AppSpider, Rapid7 Nexpose, Proofpoint, Burp Suite, SonarQube, JFrog Xray, Cisco products (Umbrella, Stealthwatch, AMP, Intelligent Proxy, Tetration, or ISE).

Preferred Qualification:

  • Certified Ethical Hacker (CEH) – International Council of Electronic Commerce Consultants (EC-Council)
  • Certified Information Systems Security Professional (CISSP) – International Information System Security Certification Consortium (ISC)²
  • Security Essentials Certificate (GSEC) – Global Information Assurance Certification (GIAC)
  • Certified Systems Engineer (MCSE) – Microsoft Corporation

Education:
Bachelors: Computer and Information Science (Required), Bachelors: Computer Engineering (Required), Bachelors: Information Technology (Required)

Work Experience:
Security Operations, Information Technology/Systems
Certifications:
Certified Systems Engineer (MCSE) – Microsoft Corporation, Certified Ethical Hacker (CEH) – International Council of Electronic Commerce Consultants (EC-Council), Certified Information Systems Security Professional (CISSP) – International Information System Security Certification Consortium (ISC)², Security Essentials Certificate (GSEC) – Global Information Assurance Certification (GIAC)

Job Opening ID:
00401971 Sr Governance, Risk, and Compliance Engineer (Open)

“This job description has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications required of employees assigned to this job.

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.”