Information Security Engineer

network, security, MFA, VPN, password, malware, patch, policy, cissp
Full Time
Depends on Experience
Work from home available Travel not required

Job Description

Established in 1832, Janney Montgomery Scott LLC is a full-service financial services
firm, providing comprehensive financial advice and superior service to individual, corporate, and
institutional investors. At Janney, our mission is to be the highest standard of success in financial
relationships.

 

Through our wealth management approach, we focus on the delivery of strategic financial plans
that utilize a variety of financial products and services best suited to help individual investors
and families meet their financial goals. Janney is equally committed to providing our corporate,
municipal and institutional clients objective advice for the successful execution of their unique
business plans. Janney serves clients through a network of professionals in branch offices located
along the East Coast. We are an independently operated subsidiary of The Penn Mutual Life
Insurance Company, one of the largest mutual insurance companies in the nation, and we are
members of the New York Stock Exchange, Financial Industry Regulatory Authority and the
Securities Investor Protection Corporation.


The Janney Information Technology department has been a major contributor toward Janney
productivity with successive years of record enterprise growth. The culture focuses on valuing
individual contributions toward team accomplishments where employees have much say in their
job. Janney IT has been recognized within the financial services industry including: a CIO
100 Honoree, Enterprise Mobility excellence within financial services, Computerworld Premier 100 IT Leader, a two-time winner from WealthManagement.com in the category of Technology for Broker-dealers with less than 1000 Advisors (including most recently in September 2020), and most importantly - awarded 7 of the last 8 years by either InformationWeek or Computerworld as one of the 100 Best Places to Work in IT.

SUMMARY: 

 

This position will be responsible for the implementation, daily oversight, and analysis of IT Risk Management systems and services including access control systems, network and perimeter controls, log and event correlation systems, and system and network component baselining. Specific systems to be addressed include Content Filtering, Malware Prevention and Detection, Windows GPO and System Baselines including Assessment Software to verify configurations, and Remote Access Management including authentication, VPN configuration and remote access to Mail systems.  The position will be expected to support security aspects of IT projects and tasks including the evaluation, testing and integration of new systems and services, the maintenance and ongoing support of architectures, platforms and applications, and the remediation of security events related to IT systems and applications.  The engineer will monitor systems and indicators, evaluate various inputs and provide interpretation of the results, and work with various factions of Janney to mitigate and minimize threats.  The engineer will also assist with authorization and access control systems used to administer access privileges for internal IT customers.

 

The position will require continual analysis of the confidentiality, availability and overall integrity of various aspects of the computing environment including servers, network components, individual workstations and controls and protections provided at the perimeter.  The role works within the IT Risk Management organization to ensure that the physical and logical stability, reliability, confidentiality, and integrity of Janney systems is in accordance with policies, procedures and guidelines.  The engineer will perform the remediation of audit and compliance items, evaluate pre- and post-audit assessments, and to assist with the research and update of the current security standards and policy items ensuring the secure operation of our corporate infrastructure.

 

 

ESSENTIAL FUNCTIONS: 

 

  • Provides ongoing tracking and remediation of security issues, ensuring that tickets are closed and issues are addressed in a timely manner.
  • Ensures that changes and enhancements are carried out properly and on a timely basis within corporate security guidelines for change, configuration and patch management. Security oversight of a regimented change and release management methodology includes assigning security and patch updates to follow the firm’s change management procedures and a patch release schedule.
  • Manages multiple priorities effectively. Maintains clear and efficient communications with management and customers. Provides guidance to peers. Discusses technical subject matter for senior management.
  • Responds to issue escalation and service interruption as a confident technical resource. Assume technical leadership role in problem resolution and root cause analysis. Provide actionable after-incident analysis to ensure root cause issues are logged and remediated.
  • Works closely with development, network, and support teams in implementation of infrastructure components supporting emerging technologies and applications.
  • Prepares activity and progress reports ensuring issues are properly escalated and resolved to maintain delivery schedule, project cost, and desired results.
  • Perform System performance diagnosis and scalability assessment activities.
  • Evaluates emerging technologies; implements systems/architectures based on best practices and audit and compliance issues; Assume technical leadership role in compliance resolution and audit and vulnerability remediation.
  • Maintains effective external relationships with vendors, consultants, and service providers; leverages these relationships to ensure that the best fit solutions and resources are available to the firm.
  •  

ESSENTIAL QUALIFICATIONS: 

  • 3-5 years experience with network perimeter security
  • 3-5 years experience with web security, content filtering, and social media
  • 1-3 years experience with managing Windows security
  • 2 years experience with anti-virus and patch management in a Windows environment
  • 2 years experience with multi-factor authentication and access controls
  • Knowledge of hardware and software hardening practices  
  • Experience in adhering to vulnerability remediation and change management disciplines.
  • Proven experience with Business Continuity and Disaster Recovery ideals and practices
  • Excellent documentation skills.

Required skills/competencies:

  • Knowledge of Access Controls, including Active Directory, RADIUS and MFA capabilities.
  • Functional knowledge of core Networking concepts including TCP/IP , DHCP, DNS, load-balancing, VLAN segmentation, network traffic capture and analysis (basic level). Potential support of Remote Access and SSL based VPN
  • Assist with support of appliance-based Authorization and Password Vaulting systems, enterprise level Malware systems and content filtering
  • Knowledge of service and software update releases and processes including participation in the patch management
  • Ability to participate in the Change Management process providing security oversight for changes and modifications to the environment.  Use of Group Policy and other Centrally Managed Policy based systems to ensure consistent baselines.
  • Experience providing efficient, high quality technical support services to ensure timely response to queries, resolution of problems, and reporting/escalation of issues related to Janney Servers and systems.
  • Ability to ensure Janney systems exceed service level targets through the use of reliable products, services, network and system monitoring, penetration and security testing, and sound practices.
  • Familiarity with current best practices in IT standards, principles, and security practices.
  • Ability to communicate planning and development status and provide technical documentation for management.
  • Excellent communication, interpersonal, and mentoring skills

Required certifications/registrations:

Security+ or CISSP suggested.

 

Preferred experience:

  • University degree or equivalent experience
  • Working experience in Computer Systems Administration
  • Previous Risk Assessment, compliance reporting experience
  • Working knowledge of financial industry.

 

Physical Requirements:

  • Ability to lift and carry up to 40 pounds
Dice Id : RTX150827
Position Id : 6698760
Originally Posted : 2 months ago
Have a Job? Post it

Similar Positions

Senior Cybersecurity Analyst - Partial Remote
  • Phoenix Technology Partners, LLC
  • Chadds Ford, PA
Cyber Security - Network Admin - Level III
  • Forrest Solutions
  • Swedesboro, NJ
Senior Information Assurance Advisor
  • Penn Medicine
  • Philadelphia, PA