Information Security Engineer
What You’ll Do:
- Fine-tune security rules and processes for efficient detection and mitigation
- Develop and maintain security utilities and metrics dashboards that help the team track and report on compliance
- Evaluate software security products and technologies, as required
- Help plan and carry out the organization’s information security strategy. Develop a set of security standards and best practices for the organization and recommend security enhancements to management, as needed.
- Develop strategies to respond to and recover from a security breach. Information Security Engineers are also responsible for educating the workforce on information security through training and building awareness.
- Implement, install and use software, such as firewalls and data encryption programs, to protect organizations’ sensitive information.
- Test for vulnerabilities. Conduct periodic scans of networks to find any vulnerabilities.
- Coordinate penetration testing, in which an external third party simulates an attack on the system to highlight or find any weaknesses that might be exploited by a malicious party.
- Constantly monitor the organization’s networks and systems for security breaches or intrusions, via software notifications and by identifying anomalous behavior.
- Respond to security incidents to minimize their impact. Afterwards, carry out technical and forensic investigation into how the breach happened and the extent of the damage.
Who You Are:
- Ability to determine risk based on context
- Ability to clearly articulate issues and communicate in an effective and personable manner
- Ability to adjust quickly to the security needs of a highly agile organization
- Knowledge of offensive and defensive IT security techniques
- Knowledge of securing Mac, Windows, Linux & AWS environments
- Skills in securing web applications
- Ability to perform some level of forensic analysis
- 2+ years of Information/Cyber Security Experience
- BA or BS degree in Information Security, Cyber Security, Computer Science or other related degree
- Knowledge of the following frameworks/compliance regimes: ISO, NIST, PCI, SOX, SSAE18, BSIMM and GDPR compliance
- Knowledge of designing comprehensive security programs for SaaS applications and Corporate environments including Vendor Security Assessments, Penetration Tests, Risk Management, Threat Intelligence, Vulnerability Management, Incident and Response, Security Training, Privacy and Compliance Programs
- Direct experience with anti-virus software, intrusion detection, firewalls and content filtering
- Knowledge of risk assessment tools, technologies and methods
- Experience designing secure networks, systems and application architectures
- Knowledge of disaster recovery, computer forensic tools, technologies and methods
- Experience planning, researching and developing security policies, standards and procedures
- Ability to communicate network security issues to peers and management
- Ability to read and use the results of malicious code and anti-virus software