Security Engineer II

About The Position

Requirements

• BS/BA and 8+ years’ experience or equivalent combination of education and experience, and 4 years of SME in respective areas
• Knowledge of Microsoft Office Suite.
• Endpoint Management Experience (BigFix, WSUS/SCCM, Symantec, Trend Micro, etc)
• Identity and Access Management
• Certificate Management
• Patch Management (Windows and Unix)
• Intrusion Detection and Prevention
• Security Awareness Training
• Mobile Device Management
• EDR (Endpoint detection and response)
• Web Content Filtering
• Device Encryption
• Vulnerability Assessment Tools
• Firewall and VPN
• Secure E-mail, Anti-SPAM
• Webserver applications
• Web API Service Security
• Business Continuity (Disaster Recovery)
• Compliance and Audit (HIPAA, HITRUST, SOC, GovRAMP and PCI a plus)
• OS Administration (Windows, Linux and Unix)
• Authentication and SSO
• Container Security
• Must have excellent analytical, problem solving and communication skills.
• Familiarity with SSAE SOC 1 and SOC 2, HITRUST, federal/state security and privacy frameworks, HIPAA, PCI and regulatory requirements for information security.
• Must be able to work on a team and build good working relationships with team members and internal clients.
• Must have good understanding of standard policies and procedures for information security.
• Ability to solve practical problems and deal with a variety of concrete variables in situations where only limited standardization exists.
• Ability to define problems, collect data, establish facts, and draw valid conclusions.
• Ability to apply concepts such as fractions, percentages, ratios, and proportions to practical situations.
• Ability to add, subtract, multiply, and divide in all units of measure, using whole numbers, common fractions, and decimals.
• Ability to compute rate, ratio, and percent and to draw and interpret bar graphs.
• Ability to respond to common inquiries or complaints from customers, regulatory agencies, or members of the business community.
• Ability to respond effectively to the most sensitive inquiries or complaints.

Nice To Haves

• Security Certification strongly preferred
• OWASP, ISSA, ISACA membership a plus

Responsibilities

• Enforces policy and supports security procedures, applications, and systems through the documentation of the resolution of assigned cases that range from simple to complex.
• Recommends changes to existing security process and procedures.
• Ability to utilize Endpoint Threat Detection and Response/Hunting toolsets
• Creates requirements for product evaluations and/or procedures to enhance productivity and effectiveness.
• Provides direct support to the business and IT staff for security related issues.
• Drives the delivery of new and upgraded security applications, systems, and workflow.
• Tests new systems for effective operations.
• Leads efforts to proactively maintain and improve the automation, reliability, consistency, and the quality of existing IT security tools and environments throughout the organization.
• Assists in the design, deployment, integration and configuration of security solutions or enhancements to ensure functionality.
• Ensures the confidentiality, integrity, and availability of data residing on or transmitted to, from, or through the enterprise workstations, servers, application systems, and data repositories.
• Initiates, facilitates, and promotes activities to create information security awareness.
• Disseminates and educates users on security policies and practices.
• Participates in regular security awareness training and updates to ensure consistent compliance with IT Security Policies.
• Works cross-functionally and interacts with internal business units and stakeholders to support the business’ needs.
• Using an automated customer case request system, tracks and documents security service requests and completed cases.
• Participates in daily activities and reporting required for regulatory and contractual information security obligations.
• Coordinates tasks that are performed within the infrastructure (system administration, network administration, application support, etc.) for security updates and initiatives.
• Performs analysis, design and development of security features for system architecture.
• Participates in security incident investigations and provides on-going communication to security management.
• Identifies root causes of security events and proposes solutions; closes out and documents investigations.
• Ensures confidentiality and appropriate personnel are involved in the investigation.
• Maintains up-to-date industry knowledge through formal/informal training, industry associations and research of latest technologies critical to the success of the company’s information security program.
• Continuously works to identify and improve security solutions to defend the company against data security threats.
• Apprises and keeps management aware of security issues; handles and/or escalates issues appropriately.
• Provides guidance/training to less experienced staff.
• Apprises and keeps management aware of security issues; handles and/or escalates issues appropriately.
• Provides IT Security consultative support to internal and external clients.
• Manages IT Security related projects and assignments as assigned.

Benefits

• Medical
• Dental
• Vision
• Wellness Programs
• Paid Time Off
• Company Paid Holidays
• Incentive Compensation
• 401K with Company match
• Life and Disability Insurance
• Tuition Reimbursement
• Employee Referral Bonus