Information Security Engineer
New York, NY | Full Time
Top Tier Company seeks Information Security Engineer to take on a lead role evaluating, implementing and managing operational security across the enterprise.
While this is a hands-on role that includes monitoring systems and networks, identifying threats and responding issues; you will also participate at a higher level researching, evaluating and recommending information security related hardware and software solutions in addition to defining processes and standards to ensure that security configurations are maintained.
Competitive base salary of 110-120K+ bonus in a highly visible InfoSec role within an expanding organization.
* Identify security requirements, using methods that may include risk and business impact assessments. This will involve extensive communication, facilitation and consensus building with business units.
* Research, evaluate, test and recommend the implementation of new or updated information security technologies.
* Assist in developing a common set of security tools, conduct reviews of tool output using defined operational parameters.
* Assist in the development of information security architecture and security policies, principles and standards
* Perform periodic quality assurance to ensure that system, network and application configurations meet security standards.
* Work with information security leadership to develop strategies and plans to enforce security requirements and address identified risks.
* Assist in developing and delivering security awareness training and materials.
* Play an advisory role in application development or acquisition projects to assess security requirements and controls and to ensure that security controls are implemented as planned.
* Advise application, database and system administrators on normal and exception-based processing of security authorization requests.
* Collaborate on critical IT projects to ensure that security issues are addressed throughout the project life cycle.
* Assist with risk assessment activities, analyzing the auditor’s results and producing recommendations of acceptable risk and risk mitigation strategies.
* Penetration Testing and Vulnerability Assessments: perform control and vulnerability assessments to identify control weaknesses and assess the effectiveness of existing controls, and recommends remedial action, and present the results of vulnerability assessments.
* Help to define security configuration and operations standards for security systems and applications, including policy assessment and compliance tools, network security appliances and host-based security systems.
* Review and validate baseline security configurations for operating systems, applications, and networking and telecommunications equipment.
* Assist security administrators and IT staff in the resolution of reported security incidents.
* Monitor daily or weekly reports and security logs for unusual events and trends.
* 3+ years IT network security experience.
* Knowledge and hands on experience working with leading firewall, network scanning and intrusion detection/prevention products and authentication technologies.
* Experience with penetration and vulnerability testing techniques and fixtures
* Experience with encryption methods, IPsec, PKI, remote access services (VPN) and proxy services
* Technical knowledge of Windows and Linux operating systems and a wide range of security technologies, such as network security appliances, identity and access management (IAM) systems, anti-malware solutions, automated policy compliance tools, and desktop security tools.
* Knowledge of the fundamentals of project management and experience creating/managing project plans.
* Completed Bachelor's degree with Computer Science or related course of study.
* Security+, CISSP, CEH, CPT or equivalent certification preferred.