The Senior Security Engineer is responsible for security system deployments, configuration, monitoring and reporting of security related events. Provides support to planning and implementing security controls which safeguard and monitor events for information systems, enterprise applications, outsourced services and data. Provides Tier II support for security related incidents and issues.
Advises of all security concerns and provides options and solutions to resolve these concerns.
Reviews proposed security infrastructure changes of all other team members as well as other groups and departments to maintain a high level of security integrity.
Contributes to the development of information security policy, standards and guidelines.
Investigates and resolves any security related incidents, complaints or questions.
Fully understands all security events as well as plans and implements resolutions to protect from current and future attacks.
Analyzes all firewall rules and access control list changes for possible security risks and addresses risks
Performs security and vulnerability assessments both internally and externally and addresses with an action plan.
Examines and preserves data for investigation and legal support.
Performs electronic discovery, analysis and investigation of intrusion and hacking attempts
Plans and implements incident handling and response tasks and procedures for security related events.
Researches and implements new technologies to improve and grow the security infrastructure (e.g. applications, systems, outsources services).
Obtains information and stays up to date on the latest exploits and security trends in a fast and efficient way so as to keep secured against these exploits.
Bachelor’s degree in Computer Science or related field or equivalent combination of industry related professional experience and education
4+ years of experience
Working experience with information security
Working experience with Intrusion Detection Systems (IDS) & Intrusion Protection Systems (IPS)
Working experience with Firewall configuration and monitoring
Working experience with event/log analysis and incident response
Working experience with forensics
Preferred Education & Experience:
CISA, CISSP, CISM, or CIA certification(s)
Network / System Administration experience / background
Engineering related certifications including:
ISSER add-on to CISSP
Advise and maintain specific security controls as required by organizational policy and local risk assessments to maintain confidentiality, integrity and availability of business information systems and to enhance resilience to unauthorized access.
Perform vulnerability assessments.
Recognize when a network/system has been attacked or when a breach of security has occurred.
Take immediate action to limit damage, according to the organization’s security policy, which may include escalation to next level, and records the incident and action taken.
Demonstrate effective communication of security issues to management and others.
Follow and maintain the guidelines and standards for security.
Monitor the application security operations procedures and reviews information systems for actual or potential breaches in security.
Ensure that all identified breaches in security are promptly and thoroughly investigated.
Ensure that security incidents are documented accurately and complete.
Take a comprehensive approach to seeking vulnerabilities across the full spectrum of organization policies, processes, and defenses in order to improve organizational readiness, improve training for defensive practitioners, and inspect current performance levels.
Inform vulnerability testing policy.
Manage all vulnerability testing activities within the organization.
Initiate improvements to test processes and direct their implementation.
Assess suppliers' penetration testing capabilities
Takes actions to support Company strategies and tactics
Maintains positive attitude and momentum in challenging situations
Communicates effectively with all partners
Demonstrates flexibility, resiliency and productivity in response to shifting priorities
Strives for continuous improvement
Shares ideas with others to address daily business issues
Builds working relationships characterized by cooperation and mutual respect
Shares ideas and resolves conflict constructively