Information Security Engineer

GENERAL DESCRIPTION OF POSITION

The Information Security Engineer is responsible for supporting applications used by Information Security including automation, security architecture, and other critical functions.

ESSENTIAL DUTIES AND RESPONSIBILITIES

1. Manage the applications & infrastructure specific to the Information Security teams, and ensure functionality & uptime meets operational needs.

2. Assist in designing and implementing an automation strategy for Information Security, including the selection and maintenance of automation platforms.

3. Execute the vulnerability management program, determining criticality of patches & working with Information Security Governance team to monitor compliance.

4. Manage Discovery and Data Loss Prevention security analytics platform and partner with stakeholders to develop the strategy for this environment to support future needs.

5. Ensure security tools are updated to reflect a complete, accurate and valid inventory of all systems, infrastructure and applications.

6. Conducts vulnerability assessments and other security reviews of systems to ensure remediation based on the risk profile of the asset.

7. Reviews and recommends improvements to company security posture leveraging concepts such as network segmentation, resilient authentication, least privileged access, privacy by design, etc.

8. Develop and maintain security architecture artifacts (models, templates, standards and procedures) that can be used to leverage security capabilities in projects and operations.

9. Participate in application and infrastructure projects to provide security planning advice.

10. Determine baseline security configuration standards for operating systems (e.g., operating system hardening), network segmentation, and other technologies.

11. Develop standards and practices for data protection within the company, including technologies such as encryption and tokenization.

12. Track developments and changes in the technology and threat environments to ensure that these are adequately addressed in security strategy plans and architecture artifacts.

13. Advocate security best practices & share insights with stakeholders in a variety of areas (secure coding, architecture, system/app administration, system hardening, etc.) and recommend changes to enhance security & reduce risk..

14. Participate in the Vendor Due Diligence process as needed to conduct security assessments of existing and prospective vendors.

15. Assists in e-discovery procedures when necessary.

16. Provide support and guidance for legal and regulatory compliance efforts, including audit support.

17. Assist in defining metrics and reporting that effectively communicate performance & maturity of the security program.

18. Assist Information Security leadership in developing strategy and roadmaps for Security team.

19. Complete required BSA/AML training and other compliance training as assigned.

20. The ability to work in a constant state of alertness and in a safe manner.

21.Perform any other related duties as required or assigned.

QUALIFICATIONS

To perform this job successfully, an individual must be able to perform each essential duty mentioned satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required.

EDUCATION AND EXPERIENCE

Technical degree required in such disciplines as Computer Engineering, CPA, etc., plus 6 years related experience and/or training, and 2 years related management experience, or equivalent combination of education and experience.

COMMUNICATION SKILLS

Ability to read a limited number of words and recognize similarities and differences between words and between series of numbers; ability to write and speak simple sentences as a means for basic communication. Ability to read and understand simple instructions, short correspondence, notes, letters and memos; ability to write simple correspondence. Ability to read and understand documents such as policy manuals, safety rules, operating and maintenance instructions, and procedure manuals;

ability to write routine reports and correspondence. ability to effectively communicate information and respond to questions in person-to-person and small group situations with customers, clients, general public and other employees of the organization. Ability to read, analyze, and understand general business/company related articles and professional journals; ability to speak effectively before groups of customers or employees. ability to write reports, business correspondence, and policy/procedure manuals;

ability to effectively present information and respond to questions from groups of managers, clients, customers, and the general public. Ability to read, analyze, and understand common scientific and technical journals, financial reports, and legal documents; ability to respond to complex or difficult inquiries or complaints from customers, regulatory agencies, or members of the business community.

MATHEMATICAL SKILLS

Ability to calculate figures…