Sr Info Security Engineer

About The Position

Requirements

• Bachelor and/or Masters degree in Computer Science, Information Systems, Business Administration and/or equivalent security certification (CISSP, SSCP, GIAC, CEH, etc).
• Extensive experience in/with: Reporting unresolved network security exposures, misuse of resources or noncompliance situations using defined escalation processes.
• Assisting and training team members in the use of security tools, the preparation of security reports and the resolution of security issues.
• Developing and maintaining documentation for security systems and procedures.
• Responding to security incidents and resolving and/or escalating reported incidents as appropriate
• Monitoring system logs, SIEM, DLP tools and network traffic for unusual or suspicious activity and interprets these activity, making recommendations for resolution.
• Investigating and resolving security violations by providing post event analysis to illuminate the issues and possible solutions.
• Implementing and/or coordinating remediation required by audits, and document exceptions as necessary.
• Performing system and application vulnerability testing.
• Researching threats and vulnerabilities and where appropriate, taking action to mitigate these issues.
• Conducting penetration tests and vulnerability assessments on information systems and infrastructure.
• Supporting information security architectural requirements.
• Developing a common set of security tools defining operational parameters for their use and conducting reviews of tool output.
• Working with/mentoring less experienced staff on deploying, tuning and running vulnerability-scanning and penetration-testing tools.
• Providing second- and third-level support and analysis during and after a security incident.
• Participating in security investigations and compliance reviews, as requested by internal or external auditors.
• Maintaining an awareness of existing and proposed security-standard-setting groups, state and federal legislation and regulations pertaining to information security.
• Participating in the enterprise architecture (EA) community, and providing strategic guidance during the EA process.
• Researching, evaluating, designing, testing, recommending and planning the implementation of new or updated information security technologies.
• Strong analytical skills to analyze security requirements and relate them to appropriate security controls.
• Mainstream operating systems [for example, Microsoft Windows and Red Hat Linux] and a wide range of security technologies, such as network security appliances, identity and access management (IAM) systems, anti-malware solutions, automated policy compliance tools, and desktop security tools.
• Network security technologies (e.g. SIEM, DLP, Firewalls, IDS, IPS, application proxies and routing and switching fundamentals
• Information security principles, including risk assessment and management, threat and vulnerability management, incident response, and identity and access management.
• Network infrastructure, including routers, switches, firewalls, and the associated TCP/IP network protocols and concepts.
• Regulatory requirements such as PCI, FFIEC and Gramm-Leach-Bliley Act
• Current systems' software, protocols and standards
• Excellent presentation, persuasion, written and interpersonal skills to include procedure and technical material, report/proposal preparation and oral presentation.
• Contribute and collaborate as a lead member of a team
• Work under stress in emergencies, with the flexibility to handle multiple high-pressure situations simultaneously
• Work proactively and independently

Responsibilities

• Provides senior level support to the information security team and closely works with the other members of the team to develop and implement a comprehensive information security program, including defining security policies, processes and standards.
• Works with the IT department to select and deploy technical controls to meet specific security requirements and defines processes and standards to ensure that security configurations are maintained.
• Provides support and oversight to security standards to ensure boundary control, integrity of information and security monitoring technologies are reducing risk for ACG enterprise.
• Closely works with Directory of Enterprise Information Security and senior leadership teams to ensure security for ACG information.
• Develops a common set of security tools/controls, defines operational parameters and analyzes tool output.
• Provides oversight to security staff on deploying tuning and running vulnerability scanning and penetration testing tools.
• Provides support to the coordination and remediation required by Audit and keeps current on existing and proposed security-standard-setting, state and federal legislation and regulations pertaining to information security.

Benefits

• Medical, dental and vision benefits
• 401k Match
• Paid parental leave and adoption assistance
• Paid Time Off (PTO), company paid holidays, CEO days, and floating holidays
• Paid volunteer day annually
• Tuition assistance program, professional certification reimbursement program and other professional development opportunities
• AAA Membership Discounts, perks, and rewards and much more