Senior Security Engineer

Requirements:

• A bachelor's degree in information security, Computer Information Systems, or related field, and at least 4 years of experience in Information Security.
• Relevant Information Security certifications are preferred.
• If no degree, at least 5-7 years of experience in Information Security.
• Experience with GRC tools, process automation, security metrics, and policy management.
• Excellent verbal and written communication skills. Able to communicate persuasively and influence others.
• Strong attention to detail, analytical, and statistical skills.
• Ability to work independently and collaboratively in a fast-paced environment.
• Demonstrate professional skepticism to ensure sufficient evidence when assessing the relevant information security controls.
• Demonstrate an understanding of business processes, internal risk management strategies, IT controls, and how they interact.

The well-being of WWT employees is essential. So, when it comes to our benefits package, WWT has one of the best. We offer the following benefits to all full-time employees:

• Health and Wellbeing: Health, Dental, and Vision Care, Onsite Health Centers, Employee Assistance Program, Wellness program
• Financial Benefits: Competitive pay, Profit Sharing, 401k Plan with Company Matching, Life and Disability Insurance, Tuition Reimbursement
• Paid Time Off: PTO & Holidays, Parental Leave, Sick Leave, Military Leave, Bereavement
• Additional Perks: Nursing Mothers Benefits, Voluntary Legal, Pet Insurance, Employee Discount Program

Preferred locations: MO, FL, NC, TX, AZ, IL, MA, VA, AL, LA, GA, MN, OH, MI, WI, IA, SC

Senior Security Engineer

Why WWT?

Founded in 1990, World Wide Technology (WWT), a global technology solutions provider leading the AI and Digital Revolution, with $20 billion in annual revenue, combines the power of strategy, execution and partnership to accelerate digital transformational outcomes for large public and private organizations around the world. Through its Advanced Technology Center, a collaborative ecosystem of the world's most advanced hardware and software solutions, WWT helps customers and partners conceptualize, test and validate innovative technology solutions for the best business outcomes and then deploys them at scale through its global warehousing, distribution and integration capabilities.

With over 10,000 employees and more than 55 locations around the world, WWT's culture, built on a set of core values and established leadership philosophies, has been recognized 13 years in a row by Fortune and Great Place to Work for its unique blend of determination, innovation and creating a great place to work for all.

Want to work with highly motivated individuals on high-performance teams? Join WWT today!

What is the Internal WWT IT Team and why join?

The Internal WWT IT team is the backbone of our company's technological infrastructure, ensuring seamless operations and continuous innovation. Our team is dedicated to managing and supporting the company's technology infrastructure, ensuring the smooth operation of hardware, software, networks, and data systems, while providing top-notch technical support to employees.

By joining the Internal WWT IT team, you will play a crucial role in maintaining the efficiency and security of our IT environment, enabling the company to achieve its strategic goals. The Internal IT team offers the opportunity to work in a dynamic and collaborative environment, where your contributions will have a direct impact on the company's success. If you are passionate about technology and eager to take on new challenges, we encourage you to apply and join our team.

What will you be doing?

The Senior Security Engineer implements and enforces InfoSec policies, standards, and governance that align with industry best practices. This role also consistently conducts risk evaluations and implements mitigation approaches across WWT divisions, products, services, and customer-serving facilities, such as the WWT Integration Centers, Advanced Technology Center (ATC), and Managed Services. The aim is to fulfill organizational and customer needs regarding information protection and act as a senior technical expert liaising between InfoSec and various departments.

Responsibilities:

• Research, design, and implement information security solutions for the organization's systems and products in compliance with the organization's applicable security policies and standards.
• Lead strategic security risk management projects, evaluate stakeholder requirements for services, identify security gaps, and collaborate with stakeholders to mitigate identified risks.
• Mentor and train security risk management engineers and analysts as directed.
• Provide senior-level security risk consulting to cross-teams and customers which includes secure configuration & hardening recommendations.
• Regularly perform risk assessments, both on-site and remotely, as defined by policies, standards, and industry best practices.
• Utilize risk management strategies across the organization; identify and evaluate internal and external risks, security controls that mitigate risks, and related opportunities for security control improvements.
• Establish and maintain security baselines for organizational assets, as defined by policies, standards, and industry best practices.
• Evaluate business processes and procedures for adherence to security policies and recommend remediation for gaps.
• Apply defense in-depth strategies to protect information assets and systems against attack vectors.
• Regularly evaluate information security baselines; recommend and implement relevant changes.
• Create, maintain, and review relevant risk management reports for compliance and auditing purposes; provide regular updates to management.
• Advise management on critical risks and threats that may affect the organization.
• Utilize technical and business knowledge to determine the business value and cost of a security control.
• Keep up-to-date on the latest security threats, laws, regulations, policies, and industry best practices.
• Consult with stakeholders regarding information system solutions that meet confidentiality, integrity, and availability requirements.
• In-depth knowledge of risk assessment methodologies.
• In-depth knowledge of information security best practices and frameworks, including (but not limited to) NIST Special Publications and Cyber Security Framework, CIS Controls, ISO/IEC 27000 series, and OWASP Top 10.
• General knowledge of laws and regulations related to information security and relevant to the organization, such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
• In-depth knowledge in auditing and third-party risk assessment