Technology Inc.
Info Security Engineer – Cyber
Technology Inc., Atlanta, Georgia, United States, 30383
JOB PURPOSE:Works across the enterprise to develop and implement security requirements, security guidance, security architecture, and technology solutions to address existing and emerging security issues. Responsible for building, implementing and providing guidance on maintaining a broad suite of information security infrastructure, and accountable for security and networking infrastructure components, their availability and integrity. Duties will also include determining enterprise security requirements; planning, implementing, and testing security systems, preparing security standards, and procedures.
KEY RESPONSIBILITIES:
Validate IT infrastructure and other reference architectures including Cloud security architectures for security best practices, and recommend changes to enhance security and reduce risk where applicable.
Perform security administration of vulnerability management, email gateway, user access provisioning, and other security protection tools. Manage escalated abnormal user behavior and policy violations incidents.
Provide and help implement design and product recommendations for security technologies needed across the enterprise including but not limited to: developing requirements for local area networks (LANs), wide area networks (WANs), virtual private networks (VPNs), routers, firewalls, and related security and network devices; designs and implements public key infrastructures (PKIs), including use of certification authorities (CAs) and digital signatures as well as related infrastructure, implements security application upgrades, single sign-on/password administration, and other new security initiatives.
Liaise with the business continuity team to validate security practices for both disaster recovery planning (DRP) and business continuity management (BCM) testing.
Liaise with the internal audit team to review and evaluate the design and operational effectiveness of security related controls.
Create security documentation including requirements definitions, risk assessments, high level and detailed design documents and risk and recommendation documentation.
Lead/Support security design efforts on projects and guide and collaborate within and outside the Information Security team.
Consult with IT and security staff to ensure that security is factored into the evaluation, selection, installation and configuration of hardware, applications and software.
Design, implement and oversee security testing procedures to verify the security of systems, networks and applications, and manage the remediation of identified risks.
Effectively translate business objectives and risk management strategies into specific security processes enabled by security technologies and services.
KNOWLEDGE, SKILLS, ABILITIES:
Strong leadership skills and the ability to work effectively with business managers, IT engineering and IT operations staff.
Excellent verbal, written communication skills. Must be able to communicate effectively with the IT organization, project and application development teams, management, and business personnel.
Strong analytical skills to analyze security requirements and relate them to appropriate security controls.
Knowledge of threat modeling and other security risk identification methods.
Knowledge of system security vulnerabilities and remediation techniques.
Exposure to multiple security engineering disciplines including application security, secure software development, cryptography, network security, system security, and security policy.
A solid understanding of Information Security & IT controls, penetration testing, vulnerability assessments, HIPAA, NIST and ISO frameworks, and other information security governing bodies.
Demonstrate ability to develop architectures for enterprise environments.
MINIMUM EDUCATION REQUIRED:Bachelors degree in Computer Science, Information Technology or related field required. In lieu of degree, four (4) years of relevant work experience will be accepted in addition to the experience requirement.
MINIMUM EXPERIENCE REQUIRED:
Five (5) years of experience in an information security role to include experience in security design, architecture or consulting capacity.
Experience with network or systems administration, performing IDS/IPS real-time monitoring analysis, network forensics, security architecture, network engineering, security engineering, or similar areas in a medium or large corporate environment.
Experience with building security architecture into security DevOps. (If no degree, a total of nine (9) years of experience required.)
MINIMUM LICENSURE/CERTIFICATION REQUIRED BY LAW:None.
ADDITIONAL QUALIFICATIONS:
Healthcare information security and privacy experience preferred.
Certified in one or more of the following area(s):
Certified Information Systems Security Professional (CISSP)/Information System Security Architecture Professional (CISSP-ISSAP)
GIAC Certified Intrusion Analyst (GCIA), GIAC Certified Enterprise Defender (GCED)
GIAC Security Essentials Certified (GSEC)
Payment Card Industry Professional (PCIP)
Certified Information Security Manager (CISM) or equivalent certification
*Hybrid Role
#J-18808-Ljbffr
KEY RESPONSIBILITIES:
Validate IT infrastructure and other reference architectures including Cloud security architectures for security best practices, and recommend changes to enhance security and reduce risk where applicable.
Perform security administration of vulnerability management, email gateway, user access provisioning, and other security protection tools. Manage escalated abnormal user behavior and policy violations incidents.
Provide and help implement design and product recommendations for security technologies needed across the enterprise including but not limited to: developing requirements for local area networks (LANs), wide area networks (WANs), virtual private networks (VPNs), routers, firewalls, and related security and network devices; designs and implements public key infrastructures (PKIs), including use of certification authorities (CAs) and digital signatures as well as related infrastructure, implements security application upgrades, single sign-on/password administration, and other new security initiatives.
Liaise with the business continuity team to validate security practices for both disaster recovery planning (DRP) and business continuity management (BCM) testing.
Liaise with the internal audit team to review and evaluate the design and operational effectiveness of security related controls.
Create security documentation including requirements definitions, risk assessments, high level and detailed design documents and risk and recommendation documentation.
Lead/Support security design efforts on projects and guide and collaborate within and outside the Information Security team.
Consult with IT and security staff to ensure that security is factored into the evaluation, selection, installation and configuration of hardware, applications and software.
Design, implement and oversee security testing procedures to verify the security of systems, networks and applications, and manage the remediation of identified risks.
Effectively translate business objectives and risk management strategies into specific security processes enabled by security technologies and services.
KNOWLEDGE, SKILLS, ABILITIES:
Strong leadership skills and the ability to work effectively with business managers, IT engineering and IT operations staff.
Excellent verbal, written communication skills. Must be able to communicate effectively with the IT organization, project and application development teams, management, and business personnel.
Strong analytical skills to analyze security requirements and relate them to appropriate security controls.
Knowledge of threat modeling and other security risk identification methods.
Knowledge of system security vulnerabilities and remediation techniques.
Exposure to multiple security engineering disciplines including application security, secure software development, cryptography, network security, system security, and security policy.
A solid understanding of Information Security & IT controls, penetration testing, vulnerability assessments, HIPAA, NIST and ISO frameworks, and other information security governing bodies.
Demonstrate ability to develop architectures for enterprise environments.
MINIMUM EDUCATION REQUIRED:Bachelors degree in Computer Science, Information Technology or related field required. In lieu of degree, four (4) years of relevant work experience will be accepted in addition to the experience requirement.
MINIMUM EXPERIENCE REQUIRED:
Five (5) years of experience in an information security role to include experience in security design, architecture or consulting capacity.
Experience with network or systems administration, performing IDS/IPS real-time monitoring analysis, network forensics, security architecture, network engineering, security engineering, or similar areas in a medium or large corporate environment.
Experience with building security architecture into security DevOps. (If no degree, a total of nine (9) years of experience required.)
MINIMUM LICENSURE/CERTIFICATION REQUIRED BY LAW:None.
ADDITIONAL QUALIFICATIONS:
Healthcare information security and privacy experience preferred.
Certified in one or more of the following area(s):
Certified Information Systems Security Professional (CISSP)/Information System Security Architecture Professional (CISSP-ISSAP)
GIAC Certified Intrusion Analyst (GCIA), GIAC Certified Enterprise Defender (GCED)
GIAC Security Essentials Certified (GSEC)
Payment Card Industry Professional (PCIP)
Certified Information Security Manager (CISM) or equivalent certification
*Hybrid Role
#J-18808-Ljbffr