The Director of Security Engineering will be responsible for developing and implementing security solutions, including but not limited to: access management, cryptography, data loss prevention (DLP), emerging technologies (i.e., cloud, mobile, etc.), endpoint security, malware analysis and protection, incident response, network and perimeter security, and web and mobile application security spanning global footprints, offices, datacenters, and business units. In addition, this role will serve as a cross-functional resource, sharing security insight and best practices with other teams and ensuring those practices are incorporated into the design, build, and deployment of iconectiv’s public and private infrastructure.
Candidates for this role must have direct experience with the following:
- Deep understanding of security fundamentals, including operating systems, networking, virtualization, identity and access management, and security countermeasures.
- Strong understanding of Application Security testing, OAuth frameworks, OWASP Top 10, and Penetration Testing.
- The ability to analyze and evaluate the design and operating effectiveness of IT and security controls to secure systems from intentional or inadvertent modification, and to evaluate established practices against regulatory and industry benchmarks.
- Experience with many of the following technologies: Web Application Firewall, DLP, HIPS, NAC, File Integrity, ETDR tools, Enterprise anti-malware solutions, Wireless Security.
- Knowledge concerning Information Security and Information Technology industry risks, solutions, and mitigating controls
- The candidate will manage a small team of security engineers, must be a team player capable of influencing others and capable of rapid and disciplined decision-making.
- The candidate will act as a primary stakeholder in the Change Management Approval Board and the organization’s system engineering function.
In addition, a qualified candidate must have:
- 10 years of related experience with a Bachelor’s degree; or equivalent experience.
- Excellent verbal and written communication and public speaking skills
- Security certifications such as CISSP, CISM, GIAC, CISA, and CRISC are preferred
- The ability to obtain a government security clearance.
- Accomplishments maintaining professional and technical knowledge by attending educational workshops; reviewing professional publications; establishing personal networks; benchmarking state-of-the-art practices; participating in professional societies
- Experience with the following industry/regulatory requirements and frameworks: ISO 27001, SOC 2, PCI DSS, SOX, NIST 800-53, NIST CSF
- Having broad expertise or unique knowledge, uses skills to contribute to development of company objectives and principles and to achieve goals in creative and effective ways
- Works on significant and unique issues where analysis of situations or data requires an evaluation of intangibles. Exercises independent judgment in methods, techniques and evaluation criteria for obtaining results.
- Acts independently to determine methods and procedures on new or special assignments. May supervise the activities of others.