Our client’s GSOC (Global Security Operations Center) is responsible for the information security of Enterprise and Government clients. The GSOC provides managed services to prevent and respond to computer security incidents, to comply with various Customer Requirements, Federal and State privacy, and security laws and regulations and to comply with contracts that include information security requirements. The GSOC Team also leads information security initiatives to protect confidential information, including intellectual property, as well as research and personal information.
The Security Engineer leads the execution of information security activities and provides guidance to lower tiers within the GSOC to ensure that information systems are implemented and operating in accordance with:
a) Customer requirements
b) Information security best practices
c) Our client’s Policy and Federal and State laws and regulations.
The Security Engineer is also responsible for executing all procedures necessary to ensure the safety of information systems assets and to protect systems from intentional or inadvertent access or destruction. This includes responding to information security-related questions and inquiries using established information security tools and procedures and implementation and administration of information security controls using software and vendor security systems.
The position requires participation in the on-call rotation and other team-shared duties such as telephone coverage. This position calls for a high level of integrity, good judgment, knowledge concerning issues of privacy and confidentiality, excellent oral and written communication skills, ability to work as an independent, productive, responsible, self-motivated member of a team in high pressure situations while maintaining a calm, customer-friendly perspective.
- Execute security controls to prevent attackers from infiltrating company information or jeopardizing programs
- Research attempted efforts to compromise security protocol and recommends solutions
- Maintain security systems and administers security policies to control access to systems
- Create information security documentation related to work area and completes requests in accordance with company requirements
- Identify opportunities and executes plans to improve workflow and understands and quantifies business impacts of those improvements for communication to management
- Interface with GSOC Team, Management, and Customer to understand security needs and implement procedures to accommodate them. Ensure that stakeholders understand and adhere to necessary procedures to maintain security
- Provide status reports on security matters to develop security risk analysis scenarios and response procedures
- Provide expert guidance and oversight in assessing the security infrastructure and network and systems design to ensure system/network security.
- Identify security risks, threats and vulnerabilities of networks, systems, applications and new technology initiatives
- Provide expert oversight in the development, testing and operation of firewalls, intrusion detection systems, enterprise anti-virus systems and software deployment tools
- Assess and/or design, and deploy centralized user and configuration management systems
- Perform duties necessary to assist in establishing practices and system configurations to ensure the safety of information systems assets and to protect information systems from intentional or inadvertent access or destruction
- Establish and/or maintain monitoring and auditing of information systems activities and systems to confirm information security policy compliance and provide management with security policy compliance assessments and system monitoring reports
- Develop and maintain centralized information systems security standards, procedures, and guidelines
- Ensure the operation and security of network infrastructure, servers, and desktop systems
- Performs advanced trouble-shooting for network hardware, software problems and troubleshooting activities to isolate and diagnose common PC problems
- Audit and maintain security levels consistent with the Security Policies. This may include developing and implementing policies, performing intrusion testing, identifying & correcting security vulnerabilities and implement security related software
- Enhance existing and recommend new technologies to improve company efficiency and quality
- Develop policies and procedures for securing the system infrastructure and applications
- Develop complex technical and programmatic assessments, evaluates engineering and integration initiatives and provides technical support to assess security policies, standards and guidelines
- Develop, implement, enforce and communicate security policies and/or plans for data, software applications, hardware and telecommunications
- Perform product evaluations, recommends and implements products/services for network security
- Validate and tests security architecture and design solutions to produce detailed engineering specifications with recommended vendor technologies
- Interact with clients and provides recommendations on information assurance engineering standards, implementation dependencies and changing information assurance related technologies
- Assess the impact on the business unit/customer caused by theft, destruction, alteration or denial of access to information and reports to senior management
- Provide leadership and work guidance to less experienced personnel
Essential Skills, Knowledge and Abilities required:
*Must be able to obtain a government clearance to be considered.
- Experience in an information security role or in a position with substantial information security responsibilities.
- A natural bias for action requiring minimal direction within the scope of duties and responsibilities
- Deliver excellent customer service and to interact in a highly effective manner with other team members, Customer, and upper management
- Creative mind that can successfully complete projects and/or multiple tasks on schedule, to meet business objectives
Demonstrated technical skills:
- Enterprise project coordination experience.
- Experience working with IP networking, networking protocols and understanding of security related technologies including encryption, IPsec, PKI, VPNs, firewalls, proxy services, DNS, electronic mail and access-lists.
- Experience working with digital communications, current and evolving network technologies including IPv6, VOIP, QoS, wireless, etc. and an in depth understanding of routing protocols, network security, and network management.
- Experience working with internet, web, application and network security techniques.
- Experience working with leading firewall, network scanning and intrusion detection products and authentication technologies.
- Experience working with federal regulations related to information security (FISMA, Computer security Act, etc.)
- Experience working with NIST Special Publications and process methodology.
- Strong analytical and problem solving skills to troubleshoot and resolve network/operating system security issues.
- Ability to perform and interpret vulnerability assessments.
- Ability to administer the operations of a security infrastructure.
- Experience in information security, ideally in large multi-platform environments.
- Operating systems knowledge and systems administration skills for various flavors of UNIX, LINUX, and Windows.
- Familiarity with vulnerability management tools and processes.
- Experience with analyzing network attacks.
- Experience in the evaluation of new technology and security threats as they arise.
- Familiarity with information security best practices and related laws.
- Familiarity with the execution of information security compliance efforts.
- Demonstrated project coordination skills including creation of project metric reports and the creation of communication plans and change control documents
- Creativity to recognize and address new threats and security challenges as they arise.
Interpersonal skills desired:
- Good judgment with an ability to form logical approaches consistent with information security best practices in response to information security events, while providing excellent customer service.
- A high level of integrity, excellent judgment and knowledge concerning issues of privacy.
- Ability to work as an independent, productive, responsible, self-motivated member of a team.
- Excellent oral and written communication skills including the ability to effectively communicate complex concepts, policies, and procedures to individuals with a wide range of expertise and backgrounds.
- Ability to work calmly and effectively. Must be able to make well-reasoned decisions in high pressure situations.
- Ability to maintain a well-reasoned, objective, and independent point of view.
- Ability to manage time-sensitive security challenges as they arise, effectively utilizing work and project plans to manage deadlines.
- Bachelor's degree or equivalent in computer science or related field; or a minimum of seven years of experience within a technical security role (i.e., network security, operating system security, Internet/web security, DLP, anti-malware, IDS/IPS, penetration & vulnerability testing)
- Minimum of 3 years as engineer role in an information security related position
- Working knowledge of information systems security standards and practices (e.g., access control and system hardening, system audit and log file monitoring, security policies, and incident handling).
- Experience with performing vulnerability scans and assessments as well as computer forensics.
- Ability to independently research, analyze, and determine appropriate course of action for complex technical solutions and problems; use hardware efficiently and effectively; write technical specifications; prioritize workload effectively; ability to work well under critical conditions; able to work extended hours if needed; meet critical deadlines; communicate effectively with users, and management and outside vendors
- Willing to work outside of regular business hours as required; including evenings, weekends and holidays
Other Preferred Skills or Certifications:
- Professional certifications from bodies such as CompTIA Security+, Network+, SANS GSEC, and/or equivalent.
- General IT related certifications are also desired
- Web Application Security
- Experience in basic programming and code analysis
- Ability to understand and utilize HTTP and similar protocols for analysis and troubleshooting
- Incident Response
- Database Security
- Strong Regex Skills
- Scripting (Perl/Python)
- Strong Linux Background
- Understanding of Data Visualization
- Log/Data Correlation and Analysis
- Strong Packet Analysis
- Operational/Process Automation
- Bachelor's degree or equivalent in computer science or related field; or a minimum of 7 years of experience within a technical security role (i.e., network security, operating system security, Internet/web security, DLP, anti-malware, IDS/IPS, penetration & vulnerability testing).
- Professional certifications from bodies such as SANS/GIAC, ISACA, and ISC2, GSEC, CISA and/or other information security certifications are highly desired.
- General IT related certifications are also desired.
About the company:
Join one of the fastest growing Cyber Security companies in Tampa Bay. Our client is a very fast growing company known for working collaboratively and independently with their employees and believes in promoting from within. They offer an opportunity to get into the IT Security field where you can grow your career. Pratt, Brown & Associates, LLC and our client are both EOEs’.
Pratt, Brown & Associates, LLC and our client are committed to creating a diverse environment and are proud to be equal opportunity employers. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. Pratt, Brown & Associates, LLC and our client are also committed to compliance with all fair employment practices regarding citizenship and immigration status.
If this position does not meet all of your requirements, we welcome you to contact us with your resume or review our website, www.prattbrown.com or www.dice.com for other openings. In addition, we have additional opportunities that may not be listed and we would be happy to match your skills with other available jobs. Please e-mail your resume with your salary requirements to email@example.com. We look forward to helping you find a job opportunity that best fits your needs.