Information Security Engineer

Mid Atlantic Capital Group•Pittsburgh, PA

5h•Hybrid

About The Position

The Information Security Engineer with EdgeCo Holdings is responsible for designing, implementing, and monitoring security measures to protect EdgeCo’s organization’s computer networks and systems from cyber-attacks across the parent and all divisional companies. This role requires a deep understanding of both offensive and defensive security tactics, as well as the ability to anticipate and mitigate potential vulnerabilities. The role is required to understand Information Security risks as it pertains to our various businesses as well as trends in Information Security including offensive threats and appropriate defensive controls to manage them. The role will be required to understand Information Security risks and how these risks are managed by our Information Security Program and how to manage risks using technologies, tools, and logical and administrative controls to our risk tolerance and appetite. The role works with the Enterprise IT organization working with and running projects with Desktop Support, Infrastructure, and Operations as well as with our various business line development teams to ensure secure supportable applications and systems. The role will work with stakeholders to develop comprehensive security strategies that align with business objectives while performing standard security assessments of architecture to identify risks and any residual risk to be accepted.

Requirements

Demonstrated experience supporting third party tools to manage and audit information systems.
Working knowledge of security concepts such as: security information and event management (SIEM); point products like anti-virus (AV) and intrusion detection system/intrusion prevention system (IDS/IPS) and penetration testing tools.
Cloud security exposure that includes tools and associated risks as well as Cloud based information security tools for Data Loss Prevention, CASB, Cloud Security Posture tools, WAF, SASE and other Infosec tools.
Exposure to various regulatory requirements and or frameworks such as Payment Card Industry (PCI) or COBIT/NIST CSF/ NIST 800.53, ISO 27001/Cloud Security Alliance etc.).
High degree of proficiency in MS Office Suite, Outlook & Internet applications.
Strong, professional, and effective verbal and written communication skills.
Strong analytical, prioritizing, problem-solving and presentation skills.
Ability to work closely with cross-functional teams, while operating independently.
Self-motivated with critical attention to details and deadlines.
Ability to adapt well to change in direction and priority in a fast-paced and deadline-oriented environment.
BS degree in the field of Computer Science, Information Systems, or related field and/or relevant certification with 5+ years equivalent work experience.
5+ years managing Information Security tools, services and risk exposure and risk assessment processes.
Demonstrated experience in successfully supporting an Information Security program in a mid-sized company with significant regulatory and contractual obligations.
5+ years of Information Security experience
5+ years in a professional environment
Strong Reading/Writing skills required

Nice To Haves

Desired certifications include: MCSE, MCSA, A+, Network+, CISSP, Cisco, VMware, PMP or Project+, and Information Technology Infrastructure Library or relevant experience.
Strong hands-on/technical knowledge of core Microsoft technologies including but not limited to Windows Servers, Active Directory.
Technical knowledge of core networking tools and products.
Experience as an Azure Administrator or equivalent role.
Experience with SCRUM/Agile development methodologies.
Ability to keep up to date with cloud offerings and solutions.

Responsibilities

Configure, monitor, and/or support security software/systems that will help ensure compliance with regulatory, industry, and corporate policies and procedures.
Assist with the identification, response, investigation, and remediation of potential breaches and issues surrounding data security.
Recommend enhancements to existing and new security hardware, software, or related tools.
Ensure security best practices are identified and integrated into all facets of projects according to the published Software Development Life Cycle (SDLC).
Perform vulnerability scans and research new vulnerabilities and malicious software; review the company’s potential exposure.
Perform network, system, and server security assessments as well as ad-hoc audits to company policies, processes, procedures and validate according to internal and external industry standards and best practices.
Monitor, analyze, and communicate security alerts and information according to policies and procedures for primary ownership areas in our InfoSec tool set.
Regularly make recommendations to improve the security posture of enterprise systems and network infrastructure.
Participate in IR processes for specialty areas and tool sets under their management and to support standard IR processes and procedures.
Assist with new technology reviews, consulting with I&O teams in the support of new enterprise applications and technologies entering the infrastructure, proposing, and recommending process improvements, and working collaboratively with peers and support teams.
Contribute to the development of InfoSec strategies to align with the overall business strategy as well as corporate strategy.
Contribute, perform and act as primary owner in the development, implementation and execution of 'best practice' standards as well as departmental policies and procedures.
Process or program management, and mentoring junior staff members.