Job Description

Security Engineer, Security Engineering

Summary:

The  security engineer provides support to ensure applicable information protection policies, procedures, guidelines, best practices are followed. Performs Security Risk Assessments (SRAs) and performs compliance reviews to ensure applications and servers are operating in accordance with established policies and procedures. Educates stakeholders in the assessment process and lead both pre- and post-assessment meetings. Analyzes and explains the security vulnerabilities found during the assessment process and provide guidance on acceptable remediation actives to the program/project team. Works with senior system engineers to ensure that capabilities will be integrated into the developed systems including requirement validation, architecture and design, and producing appropriate documentation. Sets and provides technical guidance and direction to security engineering team involved in system security engineering activities across a system of systems and defines, implements, and enforces system security engineering processes to be applied to multiple projects by the security engineering team. Ensures program compliance to information sharing initiatives, identity & privacy (PII) issues, information security and assurance policies, and federal guidance and standards.

Duties and Responsibilities:

• Develop and maintain the IT security Incident Response Program

• Adhere to existing risk management frameworks, such as NIST 800-171 

• Develop business process mapping for implementation of security policies and standards throughout enterprise 

• Ensure security of customer endpoints utilizing latest technologies focused on malware, threat detection, and behavior analysis

• Develop process flows and mapping of security architecture components as part of an enterprise architecture. 

• Analyze output from network vulnerability assessments and recommend mitigation strategies;  

• Review and provide feedback on security plans and procedures regarding all aspects of LAN, WAN or MANs, as applicable; 

• Assist in designing security products to include firewalls, intrusion detection systems, antivirus, patch management, etc.;

• Configure alerting mechanisms to allow for fast resolution of incidents

• Review and provide input into network designs to ensure compliance with security and enterprise architecture; 

• Provide input and visibility into emerging security technologies, deployment strategies and other security protocols to ensure awareness within the IT security branch. 

• Build/enhance security architecture and configure network to enhance the security posture of the enterprise 

• Develop and/or implement automated security testing tools where possible. 

• Implement protective measures and respond to alerts regarding suspected phishing, CaSB or DLP information sharing violations, and staff, faculty or student account anomalies.

• Become escalation point for desktop support teams in regards to IT security related incidents

• Train desktop support staff in regards to best cyber security practices.

• Provide forensic analysis support in the case of any cyber security incident.

• Provide security input on overall software architecture. 

• Liaison with compliance teams for internal and external software compliance efforts. 

• Performs hands-on testing of applications, as well as build and enforce information risk management requirements and structure, including providing practical secure architecture skills and developing and implementing Information Security best practices

Skills :

• Basic skills needed include: 

  • Endpoint Security Solutions

  • Risk management and security risk assessments

  • Splunk

  • Forensic Analysis

  • Authentication and authorization

• Enterprise aware (change control, downstream impacts, understanding of cause and effect, change windows, etc.) 

• Recognized as a strategic thinker and is results oriented 

• Demonstrated effective strong team player and self-motivator. Ability to work and interface internally with a IT and other functional support groups with minimal guidance 

• Demonstrated successful experience in a customer-facing role 

• Demonstrated communicator both written and verbal, with effective presentation delivery and meeting facilitation  

• Demonstrated effective time management, organizational and documentation skills

• Good analytical and troubleshooting skills

Education & Experience Requirements :

Experience:

• 8 years or more of professional experience with 4 or more years in IT security

• Must have the knowledge of IT security technologies such as firewalls, intrusion detections systems, antivirus, patch management, etc, and the interest and experience to work on security policy and architecture 

• Experience in engineering and operational roles (a plus if both roles at the same time).

• Familiar with DHS and NIST security policy and be able to review against security architecture technical requirements 

• Intermediate to advanced knowledge of information security concepts. 

• Knowledge of network architecture and design, network Security, wireless Security and client/server security. Very strong computer networking skills (TCP/IP, Ethernet, etc.) and understanding of networking protocols. Security of virtual machine environments is highly desirable. 

• Knowledgeable about deployment of wireless LAN and wireless IDS

• Knowledge of vulnerability assessment/network discovery and associated tools 

• Understands infrastructure monitoring  

• Knowledge of securing Linux/Unix, Mac OS X, and Windows systems. 

• Experience with various types of firewalls and technologies 

• Demonstrated process improvement experience

Preferred Experience Requirements :

Education:

• Bachelor's Degree

Certifications:

• GSEC

• CISSP

• CISA

• Security +

All submissions should include a cover letter and resume.

Job Tags

Similar Jobs