We are seeking a dynamic, high-energy engineer responsible for providing technical and business advice for a wide variety of information security related matters. Working individually, as well as part of various teams, this role is a subject matter expert who assists with the improvement of technical security on information systems. As a member of the Products Security Team, this position is responsible for the implementation of effective, creative, and innovative approaches to security. The ability to interact with both internal stakeholders, including the Product Development Team and internal Network Support Team, and external parties such as Customers or 3rd Party suppliers is a must. A well-qualified candidate will be comfortable working with technical peers to embed a security-focused mindset in all areas, while always staying on top of the most recent tools and practices.
Primary Duties & Responsibilities
Specific duties and responsibilities include:
- Working across the security team to implement various processes and technologies related to the CIS Critical Security Controls.
- Supporting customer-facing needs related to Cybersecurity offerings or requests from Clients on security approach.
- Offering technical information security consulting services to personnel who support IT infrastructure, including Network Administrators, Systems Administrators, and Database Administrators.
- Participating in the vulnerability management program, assisting with vulnerability mitigation efforts, tool implementation, and performing vulnerability scanning and identification.
- Interacting with the Products Team to provide feedback and insight around the Products Security Team's use of tools.
- Conducting penetration testing of applications, network, infrastructure, and working with third-parties to conduct similar tests.
- Working with development teams to fulfill security requirements in the Software Development Lifecycle.
- Conducting and/or supporting internal security risk assessments, as well as assessments of business partners and vendors.
- Participate in security incident response efforts by having an in-depth technical knowledge of common security exploits, vulnerabilities, and countermeasures.
- Participating in an on-call rotation providing after-hours support for relevant Information Security needs.
- Participate in completing and reviewing security questionnaires, requests for proposal (RFPs), requests for information, and vendor evaluations as needed.
- Contribute to the development and implementation of rigorous information security processes, controls, and systems, as well as information security awareness training across the organization.
- Support and participate in the organization’s Continual Improvement Program to conform to ISO 9001 requirements by complying with the Quality Policy and procedures and meeting QMS objectives.
- All employees have a professional duty to provide any information related to security issues, incidents or situations that present a potential security risk to the ISO Team, Management or their Supervisor.
- Other tasks and projects as directed by the management team.
Education and Training
- Bachelor’s Degree in Computer Science, Information Assurance, or equivalent/related field or equivalent years of experience.
- CISA, CEH, CEPT, GIAC or similar relevant information security certifications.
- 4+ years of technical experience, including 3+ years in an information security technical role.
Knowledge and Skills
- Experience managing Vendor risk is preferred.
- Excellent written and oral communication skills.
- Experience communicating with customers via in-person presentations and conference calls.
- Must be self-directed and able to work independently as well as in a team-oriented, fast-paced environment that is geographically diverse and spans multiple locations.
- Direct experience implementing ISO 270xx, CIS and other security control frameworks and standards.
- Ability to deliver or explain technical concepts to non-technical customers and internal stakeholders.
- Experienced in the creation of technical documentation including Visio diagrams.
- Understanding of basic frameworks for mitigating Vendor risk.
- Knowledge of how criminal culture communicates/works on the Internet.
- In-depth understanding of the OSI Reference Model and its security implications.
- Working knowledge of various encryption algorithms and techniques.
- Working knowledge in system, UNIX, Windows, and network device administration.
- Maintains awareness of latest security issues and technologies, and keeps abreast of testing tools, techniques, and process improvements in support of security event detection and analysis.
- Ability to work and communicate among all the key stakeholders such as Development, Technical Operations, Product Management, Branding, Sales, Customer Service, Human Resources, Finance, etc.
- Knowledge and direct experience with vulnerability management, SIEM and Log Management, proxy servers, and IPS/IDS.
- Good understanding of TCP/IP networking and security.
- Good understanding of web application architecture and common related attack methods.
- Familiar with non-relational databases (key-value, object, document, graph, etc.).
- Understanding of Machine Learning and Data Mining concepts.
For more information on this job: https://rekruiters.com/jobs/
Rekruiters has been named by business journals as one of the best places to work.
We offer all of our consultants benefits such as weekly pay, health insurance, 401k and even profit sharing.