The Information Security Engineer
Performs IT functions such as design, analysis, evaluation, testing, debugging, and implementation of technology supporting company business processes and operations. Analyzes, designs, acquires and implements security solutions. At higher job levels, may contribute to the development, testing, evaluation or design of system or infrastructure used throughout the IT solution set.
May be internal or external client-focused, working in conjunction with Professional Services and outsourcing functions.
May include company-wide, web-enabled cloud solutions.
- Plans, designs, builds, implements, and maintains new and existing Information Security infrastructure including Web Application and Network Firewalls, Intrusion Detection Systems, Identity Management and Access Control Systems, Vulnerability Management Systems, Data Leakage Prevention, Anti-Malware and related information security solutions that help ensure protection of information assets
- Contributes to the development and implementation of data security policies, procedures, standards, and guidelines in support of the client’s Information Security Program.
- Maintains currency with techniques and tools that support the data security architecture.
- A solid understanding of various data networking platforms (e.g., switches, routers, firewalls, IDS/IPS).
- Hands on technical experience with Firewall administration (ideally Cisco ASA, ESA, WSAs and Checkpoint)
- Deep understanding of how to implement security solutions (e.g. Web Application Firewalls (Imperva), IDS/IPS, SIEM, File Integrity Monitoring, VPNs, Data Loss Prevention, Vulnerability Management, Penetration Testing) according to security policy.
- Requires strong technical expertise across three or more infrastructure technology areas
- Requires analytical ability, strong judgment, problem solving skills, and effective human relations skills to work cross functionally across the Enterprise with staff and all levels of management in various disciplines
- Uses professional concepts and company objectives to resolve complex issues in creative and effective ways.
- Ability to function in a complex environment thru multi-tasking and establishing and communicating priorities
- Strong interpersonal and communications skills; capable of writing proposals or papers, acting as a vendor liaison, making presentations to customers or client audiences or professional peers, and working closely with upper management, acquired company personnel and outsourced service provider.
- Strong listening and collaboration skills; must work effectively with engineers in other domains such as servers, operating systems, and storage.
- Ability to execute approved integration plans according to timelines laid out.
- Ability to solve problems quickly.
- Solid in-depth understanding of data processing and related data security concepts
- A degree in Business, Computer Science or equivalent combination of education and relevant experience.
- Minimum of three (5) years’ experience in data security on mainframe, UNIX, mini-computer, and networked environments.
- Experience maintaining support for multiple security technologies including firewalls, multiple-level security applications, security assessment, and monitoring of activity
- Demonstrates "expert user" knowledge for all company technology, standard applications, and custom and third party business applications, within his/her group’s area of responsibility to ensure user satisfaction and productivity.
- Knowledge of Sarbanes/Oxley sections 404, PCI-DSS, FFIEC, and ISO 27001/2.
- Ability to work under stressful conditions.
- Excellent communication skills.
Post graduate course work in Computer Science or Business Administration a plus
CISSP and/or CISM certifications, and other technical certifications a plus.