Security Engineer

Job Description

Job Description

ComResource is looking for a Security Engineer.

This person will be responsible for working in several different security and governance, risk, and compliance disciplines under the direction of the Director of IT Security & Governance.

In this role, you will establish and maintain a corporate-wide information security program and controls to ensure that information assets are adequately protected and will act as an adviser to the various business units.

This position requires strong knowledge of security concepts, tools (anti-virus, IPS), and programs (vulnerability management, incident management, identity & access management, data loss prevention).

Responsibilities include designing, implementing, supporting, and monitoring the security infrastructure. This position is also responsible for ensuring compliance with security requirements such as Sarbanes-Oxley and PCI.

Responsibilities :

• Strategic Support
• Performs control and vulnerability assessments to identify control weaknesses and assess the effectiveness of the existing controls, recommends remedial action
• Manage the process of gathering and analyzing the current and future threat landscape
• Monitor and report on compliance with the security policies, as well as the enforcement of policies with the IT Department
• Security Liaison
• Coordinate the Security Event Information Management log analysis (i.e. Splunk or similar), applications whitelisting malware analysis, quarantine, and eradications
• Work with the IT leadership and business stakeholders to define metrics and reporting strategies that effectively communicate the successes and progress of the security program
• Engineering Support
• Assess and evaluate outsourced vendors that provide information security functions for compliance with the contracted service-level agreements
• Manage and coordinate operational components of incident management, including detection, response, and reporting
• Maintain a knowledge base comprising a technical reference library, security advisories and alerts, information on security trends, practices, laws, and regulations
• Perform day-to-day activities for threat and vulnerability management, identify risks, and identify possible treatment plans
• Assist in the design and oversight of security testing procedures to verify the security of systems, networks, and applications, and manage the remediation of identified risks
• Operational Support
• Research, evaluate, design, test, recommend, or plan the implementation of the new or updated information security hardware or software, and analyze its impact on the existing environment;

provide technical and managerial expertise for the administration of security tools

Assist the enterprise architecture team to ensure that there is a convergence of business, technical, and security requirements;

liaise with the IT management to align existing technical installed base and skills with the future architectural requirements

• Develop strong working relationships with the corporate and brand infrastructure teams to develop and implement controls and configurations aligned with security policies, legal, regulatory, and audit requirements
• Develop and validate baseline security configurations for the operating systems, applications, networking, and telecommunications equipment
• Ensure corporate standards are properly communicated to technology units, business partners, and customer teams
• Participate in efforts to validate security solutions and ensure strategies are aligned with the business architecture
• Provide technical support for the establishment and implementation of end-to-end security solutions utilizing new technologies
• Provides technical expertise for vulnerability and management, patch management, and security baselines

Essentials :

• Bachelor's degree, CISSP certification, or relevant industry experience
• Excellent technical knowledge of mainstream operating systems (i.e. Windows, Linux, MacOS, etc.) and a wide range of security technologies, such as network security appliances, identity and access management systems, anti-malware solutions, automated policy compliance and desktop security tools
• Extensive knowledge and experience with technical security controls and vulnerabilities including IPS, anti-virus, vulnerability scanners, firewalls, and other security devices
• Technical expertise in vulnerability management, patch management, and security baselines
• Knowledge and understanding of information risk concepts and principles, risk assessment methods, and technologies
• Strong project management skills including requirements analysis, project scoping, problem-solving, status reporting, technical analysis, and meeting tight deadlines
• Strong technical consulting skills including making recommendations in both written and oral form, leading training for clients and peers, understanding client work practices, and showing initiative when confronted with urgent and complex technical dilemmas
• Strong collaborative and communication skills including working with internal cross-discipline teams, vendor engineering resources, and client technical leads
• Strong leadership skills and the ability to work effectively with business managers, IT engineering, and IT operations staff
• Experience in security technologies (IPS, anti-virus, firewall, etc.)
• Security Planning, Installation, and Administration (3-5 Years)
• IPS, Anti-Virus, Logging, Vulnerability Management (3-5 Years)
• Knowledge of network infrastructure, including routers, switches, firewalls, and associated network protocols and concepts highly desired (3-5 Years)
• Experience with security design and implementation
• Knowledge of best practices for security and compliance (NIST, ISO, PCI, SOX)
• Web application experience preferred
• Demonstrate effective decision-making, problem-solving, analytical, and communication skills
• Must possess a high level of initiative and self-motivation
• Ability to work independently and effectively building partnerships to facilitate the accomplishment of goals
• Strong organizational / time -management skills
• Effective at planning and leading meetings to accomplish stated goals and objectives
14 days ago