SG360°
Senior Security Engineer
SG360°, Wheeling, Illinois, United States, 60090
DescriptionFor over 65 years, SG360 has not just survived, but thrived, by responding to the changing needs of our diverse client base. What started as a regional commercial printer is today a national, industry-leading provider of direct marketing solutions. We offer a comprehensive benefit plan which includes paid time off, holiday pay, health insurance, dental, vision, life insurance, education assistance program, short-term and long-term disability, wellness program, identify theft protection and 401k including employer match.
We are looking for a Senior Security Engineer to perform a combination of cyber security functions such as deployment, maintenance, testing, and investigation of cyber security products, to ensure secure internal network protocols are implemented and secure AWS cloud environment hosing the applications. This role will use problem solving based on the company's security, policy and compliance requirements as well as combination of forensic and analytical and technical skills in reviewing network interfaces and activities.PRIMARY RESPONSIBILITIESMaintains all security systems and their corresponding or associated software, such as firewalls, intrusion detection/prevention systems, vulnerability management, SIEM, and anti-virus software.Design, implement, and manage security controls in AWS environments, including IAM policies, VPC security, encryption, and key management.Monitors and reports on security systems and end user activity audits.Triages potential security incidents, assist with resolution and escalates to incidence response Manager/Team as needed.Maintains and monitors endpoint protection software such as antivirus, MDR, and other security-oriented endpoint protection platforms.Implement and manage AWS security services such as AWS WAF, GuardDuty, and Security Hub.Recommends, schedules (where appropriate), apply fixes, security patches, assist with disaster recovery procedures, and any other measures required in the event of a security breach.Assist with remediation identified through the Vulnerability and Penetration testing.Implement scripting where applicable to automate processes.Assists with monitoring the overall operation of networks/Systems and participates in cyber security related problem resolutions.Assist with performing remediations based on audit requirements and identified gaps.Contacts hardware and software vendors to resolve technical problems.Provides end-user support and training for security related products, practices, and policies.Assist with deployments and maintenance of tools related to MDM, RBAC, PAM, IAM, Configuration management etc. to comply with HITRUST and SOC 2TYPE ii domain controls.Provides technical services to relating to use, operation, and management of technology.Keeps current with emerging cyber security events, trends and threat sources.Ensure compliance with industry standards and best practices (e.g., CIS, NIST, ISO 27001) for cloud security.Performs other duties as assigned.RequirementsQUALIFICATIONSMINIMUM REQUIRED EDUCATION & EXPERIENCEBachelor' s Degree or higher (Management Information Systems, Decision and Information Sciences, Computer Information Systems, Computer Sciences, etc.) or equivalent experience.At least five (5) years of IT Audit experience OR at least six (6) years of experience in Information security engineering, with a focus on cloud security (preferably AWS).Strong experience in securing cloud environments, especially AWS, and on-premises infrastructure.Proficiency in communication, strong verbal skills.Strong project management skills and technical skills around security related tools.Possesses proficient understanding of: IT general controls (e.g., security, change management, disaster recovery & backup, infrastructure, etc.); SDLC/Agile methodologies, cybersecurity, and cloud.Possesses intermediate understanding of operating system and database platforms (e.g., mainframe, Active Directory, Windows, Linux, Oracle, etc.); network architecture; IT governance processes; IT risk management and assessment processes.Preferred Certifications:Security +GIAC GSEC (Global Information Assurance Certification)SSCP (Systems Security Certified Practitioner)AWS Certified Security - SpecialtyADDITIONAL QUALIFICATIONSBroad hands-on knowledge of firewalls, intrusion prevention/detection systems, anti-virus software, data encryption, and other industry-standard techniques and practicesIn-depth technical knowledge of network, PC, and platform operating systemsWorking technical knowledge of current systems software, protocols, and standardsStrong knowledge of TCP/IP and network administration/protocolsFamiliarity with security frameworks such as, ISO 27001, SOC 2 TYPE II, HITRUST etc.Intuition and keen instincts to pre-empt attacksAbility to develop basic scripts in languages such as PowerShell or PythonKnowledge of applicable practices and laws relating to data privacy and protectionHigh level of analytical and problem-solving abilitiesAbility to conduct research into security issues and products as requiredStrong understanding of the organization's goals and objectivesStrong interpersonal and oral communication skillsHighly self-motivated and directedStrong organizational skillsExcellent attention to detailAbility to effectively prioritize and execute tasks in a high-pressure environmentExperience working in a team-oriented, collaborative environment
SG
360
is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status. SG
360
will provide reasonable accommodation to complete the online application consistent with applicable law. If you require an accommodation, please
contact
the location for which you are applying and ask to speak with the human resources representative
We are looking for a Senior Security Engineer to perform a combination of cyber security functions such as deployment, maintenance, testing, and investigation of cyber security products, to ensure secure internal network protocols are implemented and secure AWS cloud environment hosing the applications. This role will use problem solving based on the company's security, policy and compliance requirements as well as combination of forensic and analytical and technical skills in reviewing network interfaces and activities.PRIMARY RESPONSIBILITIESMaintains all security systems and their corresponding or associated software, such as firewalls, intrusion detection/prevention systems, vulnerability management, SIEM, and anti-virus software.Design, implement, and manage security controls in AWS environments, including IAM policies, VPC security, encryption, and key management.Monitors and reports on security systems and end user activity audits.Triages potential security incidents, assist with resolution and escalates to incidence response Manager/Team as needed.Maintains and monitors endpoint protection software such as antivirus, MDR, and other security-oriented endpoint protection platforms.Implement and manage AWS security services such as AWS WAF, GuardDuty, and Security Hub.Recommends, schedules (where appropriate), apply fixes, security patches, assist with disaster recovery procedures, and any other measures required in the event of a security breach.Assist with remediation identified through the Vulnerability and Penetration testing.Implement scripting where applicable to automate processes.Assists with monitoring the overall operation of networks/Systems and participates in cyber security related problem resolutions.Assist with performing remediations based on audit requirements and identified gaps.Contacts hardware and software vendors to resolve technical problems.Provides end-user support and training for security related products, practices, and policies.Assist with deployments and maintenance of tools related to MDM, RBAC, PAM, IAM, Configuration management etc. to comply with HITRUST and SOC 2TYPE ii domain controls.Provides technical services to relating to use, operation, and management of technology.Keeps current with emerging cyber security events, trends and threat sources.Ensure compliance with industry standards and best practices (e.g., CIS, NIST, ISO 27001) for cloud security.Performs other duties as assigned.RequirementsQUALIFICATIONSMINIMUM REQUIRED EDUCATION & EXPERIENCEBachelor' s Degree or higher (Management Information Systems, Decision and Information Sciences, Computer Information Systems, Computer Sciences, etc.) or equivalent experience.At least five (5) years of IT Audit experience OR at least six (6) years of experience in Information security engineering, with a focus on cloud security (preferably AWS).Strong experience in securing cloud environments, especially AWS, and on-premises infrastructure.Proficiency in communication, strong verbal skills.Strong project management skills and technical skills around security related tools.Possesses proficient understanding of: IT general controls (e.g., security, change management, disaster recovery & backup, infrastructure, etc.); SDLC/Agile methodologies, cybersecurity, and cloud.Possesses intermediate understanding of operating system and database platforms (e.g., mainframe, Active Directory, Windows, Linux, Oracle, etc.); network architecture; IT governance processes; IT risk management and assessment processes.Preferred Certifications:Security +GIAC GSEC (Global Information Assurance Certification)SSCP (Systems Security Certified Practitioner)AWS Certified Security - SpecialtyADDITIONAL QUALIFICATIONSBroad hands-on knowledge of firewalls, intrusion prevention/detection systems, anti-virus software, data encryption, and other industry-standard techniques and practicesIn-depth technical knowledge of network, PC, and platform operating systemsWorking technical knowledge of current systems software, protocols, and standardsStrong knowledge of TCP/IP and network administration/protocolsFamiliarity with security frameworks such as, ISO 27001, SOC 2 TYPE II, HITRUST etc.Intuition and keen instincts to pre-empt attacksAbility to develop basic scripts in languages such as PowerShell or PythonKnowledge of applicable practices and laws relating to data privacy and protectionHigh level of analytical and problem-solving abilitiesAbility to conduct research into security issues and products as requiredStrong understanding of the organization's goals and objectivesStrong interpersonal and oral communication skillsHighly self-motivated and directedStrong organizational skillsExcellent attention to detailAbility to effectively prioritize and execute tasks in a high-pressure environmentExperience working in a team-oriented, collaborative environment
SG
360
is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status. SG
360
will provide reasonable accommodation to complete the online application consistent with applicable law. If you require an accommodation, please
contact
the location for which you are applying and ask to speak with the human resources representative