Information Security Engineer

4 days ago

Apply Now

Receive Emails with Similar Jobs

eTrepid Inc.

WebsiteLinkedInAll Job Openings

Data Protection • HaaS • Hosting Services • Business IT Support • Managed Services

11 - 50

Description

• As a member of the Information Security Program Team, the Information Security Engineer is responsible for participating in all aspects of planning, deploying, documenting, monitoring, & maintaining the layered security to protect the confidentiality, integrity, and availability within the corporate and client facing infrastructures. • This position will focus on protecting system boundaries, keeping systems and infrastructure hardened against attacks and securing highly sensitive data, along with securing user and computer identities. • Key Responsibilities: Perform engineering, tuning, and provide guidance of network security controls & hardening including IDS/IPS, Web Filtering, Cloud Technologies, Email/Spam, and Firewalls. • Perform engineering, tuning, and guidance to the Information Security Team for incident response & SIEM management. • Experienced in cloud security and compliance for Azure and AWS. • Manage and support Identity and Access Management. • Support the investigation and resolution of security incidents. • Perform Security User Awareness Training and Phishing campaigns. • Perform vulnerability management as well as support penetration testing and remediation. • Perform engineering, tuning, & provide guidance of mobile & endpoint security controls & hardening including AV, Endpoint Detection & Response, DLP, & encryption. • Translate security controls and requirements into system specification requirements. • Perform 3rd party vendor risk management assessments. • Plan, develop, and enhance security standards, requirements gathering, and engineer security solutions across the risk and technology portfolio. • Assist in designing computer security architecture and develop detailed cyber security designs. • Engineer, implement and monitor security measures for the protection of computer systems, storage, infrastructure, and cloud applications. • Define system security requirements, identify vulnerabilities, and coordinate remediation plans. • Support and coordinate risk assessments and security evaluations for vendors deploying solutions either on premise or in the cloud. • Participate in proof of concepts and other technical evaluations of technologies, designs and solutions and provide recommendations. • Plan and coordinate the deployment of security and vulnerability patching to all computer systems. • Prepare and document standard operating procedures and standards. • Develop technical solutions and select and implement new security tools to help mitigate security vulnerabilities and automate repeatable tasks. • Write comprehensive reports including assessment-based findings, outcomes, and propositions for further system security enhancement. • Plan/automate/deploy new infrastructure and security capabilities. • Participates in security awareness trainings, webinars, and podcasts designed as a Subject Matter Expert (SME). • Adept at Presenting in-person and virtual to customers, partners, and executives.

Requirements

• BS degree in Computer Science, Information Systems or equivalent experience preferred. • CISSP certification required. • Industry certifications preferred: CISA, CISM, CEH, GIAC, or equivalent. • 8+ years of relevant experience focusing on security analysis. • 3+ years of experience performing Network Security with expertise configuring Firewalls, Network IDPS systems, Data-Loss Prevention (DLP), VPN, Proxy/Web content filtering, WAF, NAC, Zero-Trust, GRE/IPSec, and/or Network segmentation. • Experience managing and configuring Vulnerability Management tools, Cloud Security (including CASB & M365), Identity and Access Management tools, and/or Multi-Factor authentication. • 3+ years of experience performing Endpoint Security with expertise configuring AV and/or MDR/EDR solutions, hardening Windows Server and Workstation OS, and/or MDM and Mobility. • Experience performing SIEM management and tuning, incident response, forensics, playbook development, and/or SOAR tools. • Ability to employ procedures, methods, and tools for identifying, representing, and formally assessing the important aspects of alternative decisions (options) to make an optimum (e.g. best possible) decision. • Experience with IT governance and/or risk. • Strong knowledge of network & infrastructure security architecture. • Experience working with Linux and Windows operating systems. • Experience with Microsoft Azure, IaaS, PaaS, SaaS, NaaS platforms. • Detailed and thorough knowledge of incident analysis and response concepts and techniques, including incident tracking process, root cause, lessons learned and process improvements. • Knowledge of compliance standards and security frameworks (COBIT, NIST, HIPAA, ISO27001/2, OWASP, PCI). • Knowledge of security regulations, frameworks and security requirements that impact SMB market (GLBA, HIPAA, PCI, NIST 800-171, NIST 800-53, NIST -CSF, CMMC). • Excellent analytical and problem-solving skills with the ability to work under pressure. • High level of personal integrity, with the ability to professionally handle confidential matters while leveraging the appropriate level of judgment. • Strong interpersonal and communication skills. • Ability to work well under stressful environments. • Ability to work extended hours and weekends when required.