Security Engineer II - Threat and Vulnerability

About The Position

Requirements

• Advanced understanding of security control environment (access control, logging, authentication, encryption, integrity, etc.);
• Experience coordinating corporate-wide initiatives for obtaining security-related assurances.
• Familiarity with federal and state legal and regulatory requirements related to information security.
• Understand the advanced tenants of security risk management and defense-in-depth practices.
• The ability to combine pieces of information to form general rules or conclusions.
• Ability to use logic and reasoning to identify the strengths and weaknesses of alternative solutions, conclusions, or problem approaches.
• Ability to consider the relative costs and benefits of potential actions to choose the most appropriate one.
• Ability to analyze needs and product requirements to create a design.
• Minimum Required: Bachelor's degree in Cybersecurity, Information Security, Computer Science, Management Information Systems or related field.
• Minimum Required: 2-4 years' experience in an information technology role, including experience with security-related systems and solutions.
• Proficient in Vulnerability Management and SIEM solutions
• Strong understanding of analyzing and incorporating threat intelligence
• Experience with ticketing systems
• Experience with office productivity, reporting, and technical documentation software
• Exposure to systems monitoring tools and logging tools
• Numerous versions of Microsoft Windows and Web Browsers
• Proficient in Microsoft Excel, Word, PowerPoint, Outlook

Responsibilities

• Researches emerging threats and vulnerabilities to aid in the identification of incidents.
• Monitors threat intelligence feeds to identify a range of threats, including indicators of compromise and advanced persistent threats (APTs).
• Assist in identifying potential threats' tactics, techniques, and procedures (TTPs) through the MITRE ATT&CK or similar frameworks.
• Research and understand vulnerabilities, including different ways to exploit them.
• Assess threats and vulnerabilities and the level of risk to the firm.
• Identifies deviations from acceptable configurations and enterprise or local security policy.
• Interface with network and server administrators, desktop support, developers, and business stakeholders on security vulnerabilities and threats.
• Track remediation efforts for identified vulnerabilities through agreed-upon completion dates and plans. Ensure remediation efforts are in compliance with associated corrective action timeframes.
• Work collaboratively with all Stifel departments to ensure local practices are consistent with corporate information security policies and standards.

Benefits

• comprehensive benefits package to include health, dental and vision care
• 401k
• wellness initiatives
• life insurance
• paid time off