Sr. Security Engineer
Security administration is a hands-on role that requires a high level of technical expertise. The person in this position is responsible for a broad range of tasks, including the day-to-day administration of information security tools and devices, as well as first-level and second-level support for security information and event management (SIEM), and may include significant responsibilities for the security administration of a wide variety of IT systems across the enterprise.
Additionally, as legal and regulatory compliance drivers continue to grow in impact and importance, many of the security engineer's tasks may also be part of an audit support function.
In some organizations (typically larger ones), security administration tasks may be performed by a user and access administration team, as well as a team that handles the more technical security configuration and administration aspects of the job.
The individual in this position interacts closely with product vendors and service providers, with personnel from various IT departments — including the application development, operations and network, and privacy teams — and with business departments. In-depth knowledge of [Company Name]'s operating systems and security applications, as well as a working knowledge of basic network protocols and tools, is also required.
Roles and Responsibilities
As indicated in the template wrapper, the information security engineer's role will vary widely across enterprises and, in many cases, within the same enterprise, as need demands and dictates. This section has been broken into two major categories: typical functions that virtually every information security engineer will perform, and those that will be optional depending on the program requirements, the staff's level of expertise and program maturity.
- Perform user and access administration on designated systems and applications, in accordance with the defined policies, standards and procedures of the organization.
- Perform system security administration on designated technology platforms, including operating systems, applications and network security devices, in accordance with the defined policies, standards and procedures of the organization, as well as with industry best practices and vendor guidelines.
- Perform installation and configuration management of security systems and applications, including policy assessment and compliance tools, network security appliances and host-based security systems.
- Perform threat and vulnerability assessments, in some cases followed by appropriate remedial action, to ensure that systems are protected from known and potential threats and are free from known vulnerabilities.
- Apply patches where appropriate and, at the direction of [manager responsible for security engineer], remove or otherwise mitigate known control weaknesses, such as unnecessary services or applications or redundant user accounts, as a means of hardening systems in accordance with security policies and standards.
- Locate and repair security problems and failures.
- Collate security incident and event data to produce monthly exception and management reports.
- Perform normal and exceptional processing of user access and change requests, escalating such requests when appropriate.
- Report unresolved network security exposures, misuse of resources or noncompliance situations using defined escalation processes.
- Assist and train junior team members in the use of security tools, the preparation of security reports and the resolution of security issues.
- Develop and maintain documentation for security systems and procedures.
- Research, recommend, evaluate and implement information security solutions that identify and/or protect against potential threats, and respond to security violations.
- Provide guidance to junior members of the team.
Additional Optional Duties
Event Management/SIEM Management
- Respond to and, where appropriate, resolve or escalate reported security incidents.
- Monitor system logs, SIEM tools and network traffic for unusual or suspicious activity. Interpret such activity and make recommendations for resolution.
- Investigate and resolve security violations by providing postmortem analysis to illuminate the issues and possible solutions.
Identity and Access Management
- Monitor internal control systems to ensure that appropriate information access levels and security clearances are maintained.
- Administer and maintain end-user accounts, permissions and access rights for all systems.
- Participate in infrastructure projects to develop, plan, and implement specifications for network and distributed system security technologies in support of key information systems.
- Assist in the management of firewalls, intrusion detection systems, switches and routers.
- Download and test new security software and/or technologies.
- Support data encryption deployments, including key management.
Risk and Control Assessment
- Implement or coordinate remediation required by audits, and document exceptions as necessary.
- Perform system and application vulnerability testing.
- Participate in enterprise testing and assessment activities.
Threat and Vulnerability Management
- Research threats and vulnerabilities and, where appropriate, take action to mitigate threats and remediate vulnerabilities.
- Review, assess, and mitigate penetration tests and vulnerability assessments on information systems and infrastructure.
- Recommend, schedule and/or apply fixes, security patches and any other measures required in the event of a security breach.
- Monitor security vulnerability information from vendors and third parties.
- Maintain network security diagrams.
- Support information security architectural requirements.
- Participate in information security working groups.
- Knowledge of compliance standards such as ISO 27000, ISO 9001 and FedRAMP.
- Minimum of two years of IT or network security experience:
- One to two years of experience for a junior security engineer.
- Three to five years of experience for a senior security engineer.
- Bachelor's degree in information systems, or equivalent work experience.
- Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA) or equivalent preferred.
- Certifications from International Information System Security Certification Consortium (ISC)2, Information Systems Audit and Control Association (ISACA) or other accrediting organizations at the discretion of the Chief Information Officer.
- Knowledge of information security principles, including risk assessment and management, threat and vulnerability management, incident response, and identity and access management.
- Technical proficiency with security-related systems and applications.
- Experience in developing, documenting and maintaining security procedures.
- Knowledge of network infrastructure, including routers, switches, firewalls, and associated network protocols and concepts.
- Working technical knowledge of current systems' software, protocols and standards.
- Strong knowledge of TCP/IP and network administration/protocols.
- Strong analytical and problem-solving skills to enable effective security incident and problem resolution.
- Proven ability to work under stress in emergencies, with the flexibility to handle multiple high-pressure situations simultaneously.
- Ability to work well under minimal supervision.
- Strong team-oriented interpersonal skills, with the ability to interface effectively with a broad range of people and roles, including vendors and IT-business personnel.
- Strong written and verbal communication skills.
- Strong customer/client focus, with the ability to manage expectations appropriately, provide a superior customer/client experience and build long-term relationships.
Job Type: Contract
Salary: $50.00 to $70.00 /hour
- Nessus Reporting and Resolution Consulting: 3 years (Required)
- IT Security: 4 years (Required)