Job Title (Date): Senior Information Security Engineer Summary of Responsibilities:
Essential Duties and Responsibilities:
Responsible for performing all activities necessary for maintaining a strong security posture for the enterprise as well as manage daily security monitoring, alerts, and remediation
As a subject matter expert (SME), plans security systems by evaluating network and security technologies; developing requirements for local area networks (LANs), wide area networks (WANs), virtual private networks (VPNs), routers, firewalls, and related security and network devices; designs public key infrastructures (PKIs), including use of certification authorities (CAs) and digital signatures as well as hardware and software; adhering to industry standards and best practices.
Partner with CISO on the over-all enterprise security program, plans, policies, initiatives, budget, internal and external audits, responses, as well as resolving audit issues and findings.
Prepare, prevent, detect, respond and recover cyber security events. Beyond analysis, they provide insight, direction, and leadership to secure information assets.
Knowledge or awareness in information security, compliance, assurance, and/or other security standard methodologies and principles
Responsible for assisting with activities designed to systematically run information security, such as security investigations, intelligence, assurance, and/or other project oversight, including developing standard methodologies for information security standards and handling IT controls and compliance with internal policies.
Minimize risk of cyber-attacks and focus on detection and response of threats - Monitor, detect, and respond to security events and incidents that may affect
Collaborate with IT and Information Security (IS) team to drive risk reduction through the rapid identification and remediation of vulnerabilities across the enterprise
Collaborate with the technical architect, other technical staff, and application architect to ensure enterprise pension system’s security posture is maintained and kept up to date.
Complies with all security policies and procedures, to ensure that the highest level of system and data confidentiality, integrity and availability is maintained
Develops security architectural reference material to ensure that security practices are being implemented in a repeatable fashion every time a new project is implemented.
Own the architecture and management of information security systems including, but not limited to, centralized logging, intrusion detection, security networks, application vulnerability scanning, penetration testing, patch management, identity and access management, and encryption and key management
Perform reviews and investigations of system logs, events, and alerts from all collected systems and architectures, and take required action to remediate any vulnerabilities and exposure issues
Updates job knowledge by tracking and understanding emerging security practices and standards; participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organizations.
Participate in business continuity planning and execution
Mentor, instruct, train, and assist Information Technology staff and end users in functions of enterprise infrastructure when required
Provide after-hours support for daily business needs
Other responsibilities as assigned.
The incumbent is required to:
Carry a cell phone with text messaging capabilities to respond to daily business needs.
Educations and Skills/Qualifications:
Bachelor's degree (B.S.) in computer science or related field; or
Five to seven years related experience and/or training; or
Equivalent combination of education and experience.
Certified Information Systems Security Professional (CISSP) Certification
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skills, and abilities required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Competencies: Focus - Dedicated to meeting the needs of customers both internal and external. Talks, acts, and makes decisions with customers in mind. Accountability - Takes responsibility for all work activities and personal actions; follows through on commitments; implements decisions that have been agreed upon; maintains confidentiality with sensitive information; acknowledges and learns from mistakes without blaming others. Recognizes the impact of one’s behavior on others. Communication - Creates an environment of open, direct and proactive communication, both written and verbal. Is unafraid to communicate freely across layers of the organization. Collaboration- Develops cooperation and teamwork while participating in a group, working toward solutions which generally benefit all involved parties. Innovation - The commitment to search for and create new and innovative approaches to activities that enhances performance. Is willing to change.
Position Specific: Conceptual Thinking - Understanding a given situation or problem by combining information / knowledge that is readily present. This includes identifying patterns or connections between situations that are not obviously related; and identifying key or underlying issues in complex situations. Continuous Learning - Brings substantial conflicts and disagreements into the open and attempts to manage them collaboratively, building consensus, keeping the best interests of the organization in mind, not only one’s own interest. Data Gathering and Analysis - Collecting, consolidating and correctly using relevant information; recognizing important information. Tracing possible causes of problems; searching for practical data / solutions. Decision Making - Drawing correct and realistic conclusions and making timely decisions based on the available information. Functional and Technical Expertise - Demonstrates a designated level of professional skill and/or knowledge in specific area(s) and keeps current with developments and trends in area(s) of expertise. Initiative - Spotting opportunities within your own circle of influence, anticipating on threats and acting on them; self-starting rather than waiting passively until the situation demands action. Oral Communication - Conveys information orally to individuals or groups to ensure that they understand the message. Listens and responds appropriately to messages from others. Organizational Awareness - Having & using knowledge of systems, situations, procedures and culture inside the organization to identify potential problems and opportunities; perceiving the impact and the implications of decisions on other components of the organization. Planning and Organizing - Setting priorities and defining realistic actions, time and resources needed to achieve predefined goals. Problem Solving - The ability to identify problems and issues of varying complexities and find effective solutions within few guidelines. Result Orientation - Consistently delivers required business results; sets and achieves achievable, yet aggressive, goals; consistently complies with quality, service and productivity standards and meets deadlines; maintains focus on goals. Written Communication - Expressing ideas and opinions clearly in properly structured, well organized and grammatically correct reports or documents, utilizing language and terminology that is understandable for the reader.
