Senior Information Security Engineer and Analyst

MIB Group, Inc. - Braintree, MA (30+ days ago)


POSITION SUMMARY: This is an individual contributor position that also functions as part of a team of network and systems security engineers and analysts. This position installs, manages and maintains various network and information security systems (appliances and software); troubleshoots issues; monitors network and information security systems; and investigates security events to include basic forensics.

MINIMUM QUALIFICATIONS AND REQUIREMENTS:

  • Education: 4-year Computer Science-related degree (or equivalent experience)
  • Experience: Prior experience in configuring and managing security devices and monitoring and responding to security events; specifically email protection systems
  • Skills: The associate must be familiar with multiple networking protocols and topologies, operating systems, Internet technologies (Domain Name Service, Email, Public Key Infrastructure) and fluent with IT Security Technologies
  • Certifications: CISSP Desirable

GENERAL DUTIES AND RESPONSIBILITIES:

(This is a representative list of the general duties the position may be asked to perform, and is not intended to be all-inclusive)

  • Engineer, implement and monitor IT security systems for the protection of computer systems, networks, and information.
  • Administer, troubleshoot, and analyze network security products such as firewalls, IPSs, Network Access Control (NAC), Anti-Virus, Malware Detectors and Internet filters to ensure they provide the highest level of protection.
  • Manage the email protection system to include configuration adjustments and underlying email infrastructure.
  • Manage SSL/PKI certificates to include installation, troubleshooting, and consultation for implementation.
  • Manage a Web Application Firewall to include application development support.
  • Manage the inputs to the Security Information and Event Management (SIEM) and respond to and analyze alerts and notifications.
  • Investigate, analyze, contain, and report IT security incidents in accordance with the incident response plan.
  • Conduct forensic analysis to determine extent and cause of IT security incidents.
  • Use log aggregators, packet captures, and host logs to investigate IT security events.
  • Implement IT security metrics and other tools to identify anomalies.
  • Review various IT security alerts to determine if investigation is warranted and correlate events from multiple sources.
  • Research and recommend various IT security technologies to enhance IT security protections.
  • Analyze and manage the remediation of penetration test results.
  • Manage the inputs to the log management systems and perform searches as needed for analysis and investigations.
  • Serve as an IT security consultant to the CISO for policies, standards, risk assessments, and evaluations of new technologies.
  • Assist with the responses to various security audits.
  • Provide troubleshooting support to resolve IT technology issues.
  • Understand IT Security best practices and institute them across the environment.
  • Provide configuration, troubleshooting, and maintenance support to the email infrastructure.

TIME ALLOCATION:

Ex. 25%: Administration

  • 40% - System Management (install, manage, maintain, upgrade, configure)
  • 30% - System and log monitoring, responding and investigating events
  • 15% - Research new technologies, architectures
  • 15% - Administration, internal consulting

OTHER MATERIAL INFORMATION: (attach additional pages if necessary)

All Associates (whether full-time, part-time, or temporary), Interns, Subcontractors, and Service Providers are to follow the Information Security Program to:

  • Ensure the security of Protected Information;
  • Protect against anticipated threats or hazards to the security or integrity of Protected Information; and
  • Protect against unauthorized access to or use of Protected Information in a manner that creates a substantial risk of a security breach, identity theft or fraud. Associates must contact the Help Desk immediately in the event of or suspicion of a security event (e.g., lost or stolen equipment, sensitive information disclosure, etc.)

This job description does not include a comprehensive list of all duties the associate may be asked to perform in the course of the business day or may be assigned as part of the position. Other duties may be assigned as appropriate based on MIB business needs.

Job Type: Full-time