Information Security Engineer

Job Type Full-time Description

Purpose

The Information Security Engineer role, as a member of the Information Security & Governance (“ISG”) team, is dedicated to ensuring the confidentiality, integrity, and availability of all IT assets within the Firm.

Responsibilities

Collaborate with all teams throughout the firm to:

• Ensure security is appropriate and prioritized
• Analyze and resolve security concerns
• Continuously improve all facets of the Firm’s information security practice

Vulnerability Management Program

• Perform asset scans, tracking, documenting, and reporting on vulnerabilities
• Conduct research, prioritize, and remediate vulnerabilities

Managed Threat, Detection & Response

• Ensure quality of service for the Firm
• Provide feedback to optimize SIEM alerting, reducing false alerts
• Appropriately responds to all SIEM (Security Information and Event Management) alerts
• Ensures SIEM is receiving information from all assets at the appropriate level of verbosity

Information Security Program

• Write and validate controls, safeguards, and standards for the IS program
• Implement and document Firm practices to align with the IS program
• Monitor and capture evidence of IS program control/safeguard compliance
• Monitor, track, and report on key performance indicators (KPIs)
• Assess effectiveness and identify weaknesses in the IS program
• Conduct incident response and recovery exercises 

Assists with ISG projects, third-party penetration tests and information security awareness campaigns

Deploy, manage, and maintain all security software

Evaluate and select security tools and vendors

Evaluate security practices for the Firm’s potential third-party vendors

Provides timely responses to all requests for service and calls for information security support 

Uses the ticketing system to record and track security tasks and requests for assistance

Provides answers to due diligence questionnaires

Facilitates access reviews

Assists with inventory control of IT assets in conjunction with other IT teams 

Keeps current with emerging security alerts, issues, tools, and skills

Assists in recruiting, hiring, training and development of ISG staff 

Professional Conduct 

• Demonstrates commitment to the firm's values of Accountability, Integrity, Excellence, Grit, and Love
• Ensures day to day activities align with established priorities and objectives
• Collaborates with colleagues, building trust-based relationships throughout the firm
• Openly exchanges ideas and opinions in addition to listening with consideration
• Nurtures a culture supportive of disciplined and systematic process management with data driven decisions
• Resolves conflict utilizing direct and respectful communication
• Holds self and others accountable for their words and actions
• Focuses on the root cause of events and the subsequent prevention of recurrence
• Leverages best practices and demonstrates a commitment to continuous improvement
• Targets effective control through process mapping, system/practice documentation, and monitoring
• Oriented towards optimization and efficiency in process
• Effectively conveys a sense of urgency and bias for action

Requirements

  

Qualifications

• Bachelor's degree in a technical, scientific, or quantitative discipline

           In lieu of formal education, equivalent work experience in IT or technical field

• +2 years of experience working on an IT service desk or within IT operations

         +4 years of experience without a college degree

• Professional certifications demonstrating security proficiency, like CompTIA Security+, are a plus
• Knowledge of cyber security and governance control frameworks
• Work history evidencing superior service delivery within challenging and dynamic environments 
• Critical thinker with considerable experience performing root cause analysis 
• Compulsively organized and driven to bring order and direction to fluid environments 
• Effective communicator

Salary Description $110,000 to $145,000 total comp