Information Systems Security Engineer

About The Position

Requirements

• Bachelor's Degree in Computer Science, Information Assurance, Information Security System Engineering, or related discipline from an accredited college or university is required
• 10+ years of IT related experience
• Experience with modern networks, operating systems, databases, and virtual computing (Bash, Linux, or UNIX)
• Expert technical knowledge in security engineering and IT systems engineering.
• Experience with SAML Development Software use (Oracle Java, Perl, and Python)
• Experience with SQL
• Experience with AWS
• Experience with applying and managing baseline policy guidance from federal partners (eg. DISA)
• Experience with Windows Update System Server (WSUS) or System Center Configuration Manager (SCCM), and other systems as necessary to retain Authority to Operate (ATO) or manage policy updates
• Skilled in management and implementation of enterprise systems and cybersecurity policy while meeting organizational system deployment standards, cybersecurity initiatives, and regulatory compliance
• Exceptional knowledge in applying advanced System Management and Cybersecurity policies
• Possesses a thorough working knowledge of Incident Response principles, systems administration techniques, and has a broad understanding of industry standards, and best practices
• Ability to cope with fast- paced, dynamic work environment where areas of responsibility are broad and encompass multiple technologies.
• Skill in establishing and implementing policy needed to govern IT activities.
• Drive strategic evolution of technology and policy for the management of IT systems provided by the Commission for internal and external business partners

Nice To Haves

• Certified Information Systems Security Professional (CISSP)
• Deep understanding of information security principles, concepts, and best practices.
• Ability to conduct comprehensive risk assessments, identify vulnerabilities, assess threats, and develop risk mitigation strategies.
• Proficiency in designing secure and resilient information systems architectures, including networks, applications, databases, and cloud environments.
• Researched and evaluated emerging security trends and issues to assist customers in improving the security posture of the organization.
• Understanding of cloud security concepts, architectures, and best practices, including identity and access management, data encryption, and secure configuration management in cloud environments.
• Researched web application firewall(WAF) technology limitations and advised development teams on remediation of vulnerabilities not covered by WAF security policies.
• Experience in designing and implementing Identity and Access Management (IAM) solutions, including user authentication, authorization, and privilege management.
• Knowledge of encryption algorithms, cryptographic protocols, and key management principles to protect data at rest, in transit, and in use.
• Proficiency in security testing methodologies, including penetration testing, vulnerability assessment, code review, and security audits.
• Ability to develop and implement incident response plans and procedures, including detection, analysis, containment, eradication, and recovery from security incidents.
• A deep understanding of enterprise operating systems.
• Knowledge of programming languages and tools

Responsibilities

• Security Architecture Design: Develop and implement secure information systems architectures, including networks, applications, databases, and cloud environments, to protect against cybersecurity threats and risks.
• Risk Assessment and Management: Conduct risk assessments to identify vulnerabilities, assess threats, and develop risk mitigation strategies to minimize security risks and ensure the security posture of information systems.
• Security Tool Implementation and Management: Deploy and manage security tools and technologies, such as firewalls, intrusion detection/prevention systems (IDS/IPS), antivirus software, SIEM (Security Information and Event Management) systems, and encryption tools, to detect and prevent security incidents.
• Incident Response and Management: Develop and implement incident response plans and procedures to effectively respond to security incidents and breaches, including detection, analysis, containment, eradication, and recovery.
• Security Testing and Evaluation: Perform security testing, including penetration testing, vulnerability assessment, code review, and security audits, to identify and remediate security vulnerabilities in information systems.
• Identity and Access Management (IAM): Design and implement IAM solutions, including user authentication, authorization, provisioning, de-provisioning, single sign-on (SSO), and privilege management, to ensure appropriate access control and user management.
• Security Compliance and Standards: Ensure organizational compliance with regulatory requirements and industry standards (e.g., GDPR, HIPAA, PCI DSS, ISO 27001) through regular assessments, audits, and adherence to security policies and procedures.
• Secure Configuration Management: Implement and maintain secure configurations for operating systems, applications, network devices, and cloud services to minimize security risks and vulnerabilities.
• Security Awareness and Training: Provide security awareness training to employees to promote a culture of security and compliance and keep stakeholders informed about emerging threats and security best practices.
• Collaboration and Communication: Collaborate with cross-functional teams, including IT, security, compliance, and business units, to address security concerns, communicate security risks, and provide security guidance to stakeholders.

Benefits

• Medical – 100% company paid for employees with dependent options
• Dental and Vision
• Retirement Savings (401k) up to 4% match
• Health Savings Account (HSA), FSA and DCFSA
• Company-paid Short/Long-term disability (w/ additional supplemental options)
• Company-paid Life and AD&D (w/ additional supplemental options)
• Generous Paid Time Off and ALL 11 Federal Holidays
• Legal and Identity Protection Services
• Bonuses for certifications and reimbursement
• Employee Perks: UberOne, Company Outings (Sporting events, Happy Hours, etc.), Discounts on services including Pet Insurance