Search for More Jobs
Forward job to a friend
Apply without Registering
Apply by creating/using an account
InfoSec Analyst/Engineer – someone mid to senior level, with the ability to take the lead on a project from start to finish.
The description is very detailed, but the keys to the role are:
• CISSP (required)
• eDiscovery or Forensics experience
• Active Directory
• Identity Management (would be a plus)
• someone interested in learning new InfoSec skills
• someone who is not committed to just one niche skill in the InfoSec realm
• Vulnerability / Intrusion / Penetration experience
Provides senior level expertise on decisions and priorities regarding the enterprise's overall information security architecture. Configures, implements, and maintains information security systems to ensure the confidentiality, availability, and integrity of company information assets.
· Defines, and maintains information security processes, controls, and policies. Liaise with Senior and VP Level IT Management, as well as Legal, HR and Governance to drive security policy balancing enterprise data protection and productivity. This also includes regular auditing and remediation of above. This requires in-depth knowledge of technical regulations and best practices. Additionally, it demands persistent learning of new technologies, industry trends, and technical or social engineering threat vectors.
· Security Systems Administration - Implement, manage, and maintain all security systems within the enterprise. This requires well-rounded hands-on knowledge in areas such as Windows, Unix, Networking, Firewalls, and Security Vulnerability and Monitoring Tools.
· Participates in maintaining company compliance with applicable federal and state laws and industry requirements. These include but are not limited to PCI, SOX, and HIPAA. This requires detailed knowledge or certifications in corresponding compliance areas.
· Perform risk assessments and audits of enterprise systems, and established IT practice to ensure ongoing risk mitigation and compliance.
· Work closely with technology groups and business leads on new initiatives to understand risk at both a project and operational level. This includes architecting and implementing technical or process driven mitigation strategies.
· Evangelize security across the engineering team and beyond. This includes education, mentorship as well as a commitment to building relationships across the business.
· Project Leader – Leads, or support complex IT projects as a subject matter expert or consultant.
Knowledge, Skills and Abilities:
· Minimum 5 years of experience as an Information Security Engineer (MUST)
· Working knowledge of network security architecture and protocols, identity management and access administration, intrusion detection/prevention, VPN, system logs and event correlation, digital forensics, Active Directory, Windows, Unix/Linux, encryption, SSO, vulnerability management and scanning.
· Experience and demonstrable skills with automation and scripting languages. Windows PowerShell experience a plus.
· Experience and demonstrable skills with web technologies and cloud platforms such as Azure and AWS.
· Experience working in a mission-critical environment. Extensive knowledge of information security best practices, SOX, HIPAA, Privacy, and PCI DSS.
· Strong problem solving and analytical skills.
· Ability to manage multiple complex challenges in parallel, and solve them with cost effective, highly automated, efficient, and proven security technologies or controls.
· Strong ability to work with incomplete information, adapt to changing priorities, and improve continuously.
· High standard of ethics.
· CISSP certification required
· OSCP certification is a huge plus
Apply by creating/using an account