Information Security Engineer - very competitive base salary plus 10% bonus and excellent benefits
This is a perm position and would be ideally situated in Warren, PA, but a greater Boston, MA north location is also a possibility.
LOCATION: Warren, PA or Boston, MA
- Design security solutions and provide recommendations for technical programs and projects
- Conceive of and propose new approaches to: significantly enhance or modify the configuration or functionality of intranets, firewalls, servers, applications, remote access, databases, and other important parts of the information systems infrastructure; allow greater standardization and more effective management of information security measures
- Evaluate and recommend the application of security methodology for new, emerging, or existing technology, such as smart cards and encryption
- Assist with the selection, installation, and adoption of automated tools that enforce or monitor the compliance with information security policies, procedures, standards, and similar information security requirements
- Review proposals for outsourcing business activities to determine whether security controls would be compromised in the course of outsourcing the proposed activities
- Facilitate the integration of security architecture and strategies into programs and projects
- Provide special technical guidance to the Information Technology Department staff about the risks and control measures associated with new and emerging information systems technologies
- Participate as a technical advisor for a variety of ad-hoc information security projects that will be dictated by current business and technological developments
- Provide in-depth technical advice for investigations of information security incidents including internal frauds, hacker break-ins, and system outages
- Document information security incidents and analyze the circumstances enabling or permitting these same incidents to take place
- Participate on a Security Incident Response Team (SIRT) that responds to various security incidents such as denial of service attacks, virus infestations, and internal frauds
- Conduct security reviews and risk assessments of applications and infrastructure with industry standard tools and methodologies
- Perform vulnerability scans and internal penetration tests on a regular basis; ensure remediation of critical and high items
- Maintain awareness of up-to-date threats and vulnerabilities and their respective countermeasures
- Stay informed about the latest developments in the information security field, including new products and services, through on-line news services, technical magazines, professional associations, industry conferences, training seminars, and other information sources
- Bachelor's degree in Computer Science, Information Systems, Engineering, or an equivalent combination of education, training, and experience.
- 3+ years experience supporting security-based devices (firewalls, intrusion detection systems, port scanners, vulnerability scanners, sniffers, malware management systems, email filters, encryption technology and software)
- 3+ years experience supporting PCs, OS, and peripherals including server hardening
- 3+ years experience with configuration and implementation of routers, switches, intranets, and VPNs including network device hardening
- 4+ years conducting Information Security risk analysis/assessments and application reviews, and providing recommendations
- Demonstrated knowledge of information security concepts and methodologies, as well as a practical understanding of security principles such as authentication, authorization, access controls, and protection strategies.
- Demonstrated experience in computer/network security, operating systems such as Windows, LAN/WAN networking protocols such as TCP/IP, firewalls, IDS/IPS, PKI, and encryption
- Experience performing external and internal vulnerability and penetration testing
- Demonstrated experience working with information security related risks, as well as regulatory, audit, and compliance requirements, such as PCI DSS 3.0
- Experience administering information security programs including risk assessments and forensic research, designing security architectures, developing policies, gathering metrics, and reporting status
- Demonstrated ability to interface effectively and collaborate with clients, peers, vendors, and management to develop solutions and ensure stakeholder buy-in
- Demonstrated ability to mentor and train junior security analysts in risk assessments, security reviews, internal controls, general controls, application controls, and related business communications.
- Must demonstrate excellent business mastery, including the ability to integrate work across relevant areas, develop the business and services to enhance customer satisfaction and productivity, manage risks and safety appropriately, manage information, and provide exceptional service to internal and external customers.
- Must demonstrate excellent management mastery, including effective resource and project planning, decision making, results delivery, team building, and staying current with relevant technology and innovation
- Must demonstrate strong personal mastery, including ethics, influence and negotiation, leadership, interpersonal skills, communication, the ability to effectively manage stress and engage in continuous learning.
Preferences for candidates with:
- CISSP Certification, CISM Certification, and/or CISA Certification
- IT and PCI DSS 3.0 Audit experience
- Experience working as an external consultant
- Experience with IBM iSeries security configurations
- Expertise with secure application development concepts and practices
Cisco ASA/routers/switches; AWS; Nexus; IBM QRadar Security Intelligence platform; Trustwave PCI Compliance; Core Impact penetration testing
If interested and, more importantly, qualified, send updated resume with contact info to email@example.com and you will be contacted immediately.
Unfortunately, Visa sponsorship or transfer NOT available for this position.
Out-of-state candidates considered. Relocation offered for qualified candidates.