Senior Information Security Engineer (multiple positions) in Tempe, AZ.

About The Position

Requirements

• Requires a bachelor’s degree in engineering, computer science, information technology and 6 years in a Sr. Information Security Engineer, Principal Infrastructure Developer/Manager; Sr Associate; Sr. Infra. Specialist; Infra Dev Specialist; Infra Tech Specialist; or related occupation.
• 6 years of experience with AWS
• 6 years of experience with Azure
• 6 years of experience with JSON
• 6 years of experience with YAML
• 6 years of experience with Python
• 6 years of experience with SQL
• 6 years of experience with Linux administration
• 6 years of experience with IP networking
• 6 years of experience with firewalls
• 6 years of experience with PCI 4.0 DSS
• Creating and maintaining detailed technical writing including process, procedure, and change control record documentation
• Presenting materials and evidence with internal/external auditors (e.g.PCI, SOX or regulators).

Responsibilities

• Build and maintain an up-to-date comprehensive central inventory of U.S. Bank cryptography objects and assets such as keys and certificates used to encrypt sensitive data including: symmetric/asymmetric algorithms and protocols (aes, ecc); key management functions: exchange, agreement, derivation, wrapping; hash functions, initialization vectors, operations, nonces, macs, salts; sensitive digital certificates that have private keys (pkcs12/.pfx); cryptography libraries (openssl).
• Generate up-to-date enterprise reports for cryptography objects and assets.
• Map cryptography objects and assets with corresponding applications, filesystems and infrastructure systems and help assign ownership based on U.S. Bank CMDB including where and how they are used.
• Provide requirements to developers on the cryptographic objects and assets that needed to be scanned using APIs.
• Implement security solutions and technologies to protect data/assets from unauthorized access, use, disclosure, destruction, modification, or disruption.
• Provide project leadership, security oversight, and risk management on security projects.
• Set security design guidelines, frameworks, and models.
• Identify new security issues and risks and develop mitigation plans.
• Identify and document security objectives.
• Participate in projects that develop new intellectual property.
• Evaluate and recommend new and emerging security products and technologies.
• Develop and interpret security policies and procedures.
• Support acquisition and vendor risk assessment due diligence.
• Proactively seek solutions to mitigate risk and clearly communicate risks to the appropriate stakeholders

Benefits

• Healthcare (medical, dental, vision)
• Basic term and optional term life insurance
• Short-term and long-term disability
• Pregnancy disability and parental leave
• 401(k) and employer-funded retirement plan
• Paid vacation (from two to five weeks depending on salary grade and tenure)
• Up to 11 paid holiday opportunities
• Adoption assistance
• Sick and Safe Leave accruals of one hour for every 30 worked, up to 80 hours per calendar year unless otherwise provided by law
• incentive and recognition programs
• equity stock purchase
• 401(k) contribution and pension