Information Security Engineer

About The Position

Requirements

• Bachelor's Degree in Information Technology, Business Administration, or related field or an equivalent combination of education and experience.
• Eight years of information security experience to include a background in a multiple information security technologies (e.g. intrusion detection, penetration testing, identity and access management)
• Knowledge of various information security concepts and technologies such as identity management, network security, risk assessment, application security, platform security, security monitoring.
• Extensive knowledge of industry standard information security practices and processes. Seen as a thought leader, innovator and change agent.
• Robust information security knowledge of firewalls, IPS, proxy, load balancers, remote access, packet capture procedures and applications, packet capture analysis, vulnerabilities, OWASP, and patching best practices
• Knowledge of network intrusion techniques, vulnerabilities, exploits, advanced malware, and the corresponding detective and preventative techniques
• Solid understanding of governance, compliance and audit regulations related to the financial services industry. (FDIC,OCC,FINRA,GLBA,SOX,PCI)
• Strong oral and written communications skills with the ability to communicate to technical and non-technical audiences.
• Strong analytical and problem-solving skills.
• Strong team-oriented interpersonal and communication skills.
• Solid project management skills in planning and monitoring projects in a cross-functional environment.
• Ability to solve problems independently, quickly, and completely and to communicate them clearly to management.
• Ability to adapt to rapidly changing technology and apply it to business needs.
• Ability to assist with network and application troubleshooting; provide technical consulting support
• Ability to lead projects with very limited oversight

Nice To Haves

• Describe the work-related education, knowledge, behavioral or technical skills, and abilities that are preferred.

Responsibilities

• Provides support in the development and implementation of security architecture, standards, procedures and guidelines for multiple platforms in diverse system environments. Ensures that security concerns are addressed and mitigated and appropriate standards are defined and published.
• Often drives the evaluation, testing and implementation of emerging technologies, information systems security issues. Presents proposed security enhancements to management for approval, funding and implementation.
• Performs security assessments and reviews networking initiatives for security compliance. Prepares status reports and informational metrics on security matters; develops security risk analysis scenarios and response procedures.
• Serves as a resource regarding the security of data networks and centralized data frameworks, to include coordinating activities with the business unit, users and external networks
• Robust operational knowledge of the TCP/IP stack, network protocols, network topology and architecture, Windows and Unix operating systems, system logs events, anti-virus technologies, authentication systems (AD, LDAP, RADIUS, RACF), DNS, DHCP, SNMP, NetFlow, IP and application development processes/lifecycles
• Provides input into the design, implementation, and maintenance of the information security architecture. Analyzes, reviews, and determines the technical requirements necessary to mitigate the security risk for Information Technology needs, plans, and initiatives.
• Implements and maintains required security tools. Investigates information security violations; monitors and communicates technical vulnerabilities.
• Recognizes and identifies potential areas where existing security policies and procedures require change, or where new ones need to be developed. Conducts risk assessments and security briefings; advises management of critical issues.
• Evaluates products and/or procedures to enhance productivity and effectiveness. Provide direct support to the company and Information Technology staff for security related issues. Coordinates security awareness programs and provides education on security policies and practices. Provides consultations on security issues regarding new and existing systems.
• Monitors Information Technology assets for security requirements to include procedures, software, and integrity.
• Works to build and maintain a security sensitive mindset within the company culture.
• Participates in major projects and initiatives with a low level of management oversight
• Assists with the development, implementation, monitoring, maintenance and compliance of all information security standards, policies, and procedures.
• Participates in the on-call rotation that ensures 24x7 coverage of the corporate security infrastructure and network environments, assuming responsibility for resolving or escalating any network issues that arise during own on-call period
• Generates security/network-related Management Information for regular internal reporting, including producing some high-level analysis of any emerging trends.
• Each team member is expected to be aware of risk within their functional area. This includes observing all policies, procedures, laws, regulations and risk limits specific to their role. Additionally, they should raise and report known or suspected violations to the appropriate Company authority in a timely fashion.
• Perform other related duties as required.