Security Engineer

Description

• Responds to and, where appropriate, resolves or escalates reported security incidents. 
• Monitors system logs, SIEM tools, hunts for exploits and network traffic for unusual or suspicious activity.
• Interpret such activity and make recommendations for resolution. 
• Investigates and resolves security violations by providing postmortem analysis to illuminate the issues and possible solutions. 
• Monitors internal control systems to ensure that appropriate information access levels and security clearances are maintained. 
• Working knowledge of compliance standards such as, NIST, ISO27001, HIPAA, HiTRUST and FedRAMP. 
• Working experience on various security tools to locate and repair security problems, exploits, incidents, or failures. 
• Knowledge of information security principles, including risk assessment and management, threat and vulnerability management, incident response, and identity and access management. 
• Experience with NESSUS in a complex network environment. 
• Experience with a variety of security tools and software. 
• Working experience on regulatory compliance drivers such as NIST CSF and NIST. 

All employees have the following security and privacy responsibilities:

• Complete required security and privacy training timely.
• Abide by all corporate security and privacy policies.
• Report all suspected incidents to the Security & Risk Team promptly. 
• Safeguard all company assets and credentials in their possession.
• Safeguard all sensitive personally identifiable information[1] must be protected and used only for business purposes.

Requirements

• 6-8 years of Information Security experience bachelor’s or master’s degree computer science or in a related field, or an equivalent level of competence obtained through experience.  
• Deep understanding of Microsoft Windows operating systems, MS active directory and Linux. 
• Experience working with IP networking, networking protocols, and understanding of security related technologies including encryption, VPNs, firewalls, IDS/IDP, content filters and syslog correlation tools. 
• Deep understanding of vulnerability scanning and providing guidance on remediation requirements.
• Experience SIEM technologies.
• Understanding of security/computer incident response methodologies. 
• Experience with vulnerability scanning using commercial and open-source tools. 
• Strong technical writing skills.
• Strong interpersonal skills and teamwork skills.
• High level of work independence.