Desired Skills and Experience
- Ensure systems and sensitive information are protected from internal and external unauthorized access, modification, deletion or disclosure in compliance with major industry policies, standards, and security best practices.
- Designing, map, configure, and implement security solutions for various commercial information security tools aligning with business requirements appropriate per accepted risk level.
- Work with a variety of security efforts that span application and network level initiatives.
- Partner with Network, Application, DevOps, and Systems Engineers and Architects as well as impacted business units as a technical advisor and champion of your domain in information security. Provide guidance to security analysts, project managers, and engineering units on your tool’s configuration, functionality, and environmental impact.
- Assess and identify attack vectors. Bring additional control to the threat surface area and mitigate vulnerabilities through suggesting and implementing appropriate tool thresholds and building additional capability.
- Hands on installation, configuration and support of security related hardware and software such as Certificate Management, Enterprise Anti-Virus/Malware, Data Loss Prevention, File Integrity Monitoring, Security Auditing, and Vulnerability Management applications and systems.
- Passion about new technology and motivation to drive it from ideation through deployment and integration to fully automated and operationalized security asset.
- Some basic automation knowledge for integration, data collection, scripting and reporting tasks.
- Knowledge or work in incident response activities for network intrusions, virus infections, and internal security violations.
- Knowledge or work assessing risks and providing innovative countermeasures and solutions that balance security and business requirements.
- Significant information security experience on Windows, Unix, and Linux platforms.
- Significant IT infrastructure or networking proficiency and experience that could include one or more of: Encryption, Tokenization, Forensics/eDiscovery, Penetration Testing, Firewalls (OS, WAF), Proxies, Routers, Gateways, VPN.
- Foundational understanding of several enterprise environment technologies including servers, databases, networking, applications, services, and hybrid platforms.
- Understanding of some of the controls and policy standards in our current legal and regulatory environments such as PCI, SOX, HIPAA, GLBA, NIST, etc.
- Penetration Testing experience a plus.
- CISSP or other industry certifications a plus.
Apply