- High School Diploma or GED
- ITIL Certification
- NIST Standards
Summary: Ensures security design for IT systems align with business needs, architecture and technical standards to support the data security needs of systems being developed or acquired.
Essential Duties & Responsibilities:
Responsible for Security Architecture reviews to align security best practices with proposed configurations. This includes the review of detailed specifications for security systems and the associated design, scalability, completeness, quality and performance.
Acts as a technical consultant for the enterprise, ensuring security design for systems align with business needs, architecture and technical standards.
Recommends and assist with the design of security controls to support the data security needs of systems being developed or acquired.
Confers with users and/or management to define business requirements for complex security development.
Performs end to end full stack reviews of current or incoming technologies for ITSEC compliance.
Creates advisory artifacts and recommendations based upon findings after reviews are complete.
Ensures that proposed and existing application security architectures are aligned with organizational goals and objectives.
Conducts research on emerging technologies in support of systems development efforts, and recommends technologies that will increase cost effectiveness and systems flexibility.
Stays up-to-date on current tools, techniques, and vulnerabilities.
Develops and maintains documented procedures around securing internal systems.
On an ongoing basis, conducts security assessments and audits of IT's application and infrastructure portfolio to identify determine issues, weaknesses and gaps in processes and technology.
Education and/or Experience, knowledge, skills & abilities: To perform this job successfully, an individual must be able to perform each essential duty satisfactorily.
High school diploma or equivalent.
Experience in Security Engineer or Security Architect role
5 - 8 years of related experience
Progressively responsible roles in information security including most, if not all, of the following skills (required):
Proficiency with solutions design, configuration, and implementation.
Strong understanding of network architecture, firewalls, Intrusion Detection Systems, web filtering, audit and log management, physical security control systems, real-time systems, and common operating systems.
Solid understanding of emerging technologies in IT such as a Cloud Platform, Internet of Things and Mobile BYOD as well as the associated security risks.
Understanding of encryption technologies and common network protocols.
Proficiency with Cloud service and deployment models (e.g. CaaS, SaaS, IaaS, and PaaS).
Experience using Cloud-native/Cloud-friendly authentication mechanisms such as OAuth, OpenID, SAML, Ping, etc.
A degree in computer science, MIS, engineering or related discipline, and relevant industry certifications (CISSP or other security certifications)
Familiar with Firewall and Proxy administration.
Experience with Cisco’s security suite of products.
ITIL Certification preferred, strong understanding of ITIL tools, processes and terminology a plus.
Experience identifying vulnerabilities in infrastructure and software.
Experience supporting a multi-OS environment (iOS, Android, Windows 10, etc.).
Knowledge of Cyber Security standards and frameworks such as NIST.
Strong analytic and problem-solving abilities.
Excellent written/oral communications and analytical skills.
Excellent interpersonal skills.
Working Conditions: The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job:
Usually, normal office working conditions. Must be able to remain in a stationary position 50% of the time due to prolonged periods of sitting or standing. |
Equal Opportunity Employer/Minority/Female/Disabled/Veteran
DISCLAIMER: The above statements, which are subject to change, are intended to describe the general nature and level of work being performed by people assigned to this job. They are not intended to be an exhaustive list of all responsibilities, duties and skills required of personnel so classified.