Type: Full Time
The system and Security engineer role is to ensure the secure operation of Enterprise computer systems, servers, applications, network connections and controls. This includes involvement in the implementation of new security solutions, participation in the creation and maintenance of policies, standards, baselines, guidelines and procedures, as well as conducting vulnerability audits and assessments. You will serve as the subject matter expert of internal security and work closely with our client's IT, Compliance and other teams when needed. The Systems and Security Engineer is expected to be fully aware of the client organization's security goals as established by its stated policies, procedures and guidelines and to actively work towards upholding those goals.
- Develop/update security/network operations strategy for ~ 500 server environment.
- Plan and design security architecture for all systems. Collaborate on critical IT projects to ensure that security issues are addressed throughout the project life cycle. Work with the IT department and members of the information security team to identify, select and implement technical controls.
- Assist in the implementation of security best practices in accordance with ISO 27001 Information Security Management System and other nation/international security standard.
- Recommend and maintain reporting requirements to support the OCIO regarding security and related network metrics and vulnerabilities.
- Report to management concerning residual risk, vulnerabilities and other security exposures, including misuse of information assets and noncompliance.
- Maintain and build relationships with business units and serve as an information consultant to teams and manager to ensure compliance with information security standards and guidelines through applicable policies, procedures and processes.
- Document security concerns and alert appropriate parties on security issues in a accordance with contractual SLAs. Maintain status reports and priority of all security issues on a regular basis.
- Provide day-to-day management of the Information Security Program. Analyze security reports for unauthorized, inappropriate access and/or intrusions in accordance with department policy/protocol, highlighting trends across the organization.
- Assist in the testing, selection, placement, implementation, documentation, operation and maintenance of various information security technologies.
- Research, recommend, and/or develop Information Security education training for continuing education and orientation programs to all employees and staff members.
- Recommend and provide input to Disaster Recovery protocols. Assist in returning to normal the operations of all essential systems and networks after events such as disaster recovery, cyber attacks, vandalism, and equipment failure.
- Demonstrate familiarity with legal requirements relating to information security and keep abreast of current trend and development on the field.
- Perform additional, related duties as assigned.
- Minimum of 10 years of Computer Networking, Technical Support, System Administrtion or Network Security experience
- Bachelor's Degree in Computer Science or related discipline required; Master's Degree preferred
- CISSP and/or CEH certification required
- Knowledge of TCP/IP
- Strong passion and mindset for security development and technologies
- Knowledge in common InfoSec best practices
- Ability to work effectively with and lead team members
- Self-motivated, with ability to manage and follow up on multiple tasks simultaneously
- Ability to effectively communicate complex ideas and solutions to a variety of audience
- Comfortable working in complex, fast paced, fluid environments
- Experience with WireShark or other packet sniffing devices
- Experienced in OS and Network device logs
- Experience with Snort and other IDS incident response tools