Senior Security Engineer
Position Summary:
The Senior Security Engineer is responsible for supporting the enterprise security program including monitoring and implementation with emphasis on information security. Security activities will include risk assessments and reviews requiring frequent communication with internal staff as well as outside auditors and customer security/risk assessment teams.
Responsibilities:
• Communicate with security administrators who perform day-to-day security functions and monitoring, technical support for evaluation, design and problem resolution
• Support security applications and security fixes
• Review and update security standards on a regular basis to address new threats, new industry practices, requirements and standards, and incorporate new technologies
• Conduct regular system and network audits, reviews, and tests to verify compliance with security policies and standards
• Conduct and/or interpret network, system and application vulnerability assessments
• Conduct security reviews and testing of new hardware and software
• Review proposed network and application architectures for cloud environments
• Monitor notifications of security holes, patches and advisories through on going automatic subscription from national organizations such as CERT, SANS and CIAC
• Support the implementation of security controls and recommend areas for risk reduction
• Support RFP process in assessing security requirements from potential customers
• Provide incident response and management
• Provide technical security training to internal staff and other duties as assigned.
Skills and Experience Required:
• End-to-end security experience including web, application, network, OS and database
• Knowledge of security issues, trends, best practices
• Familiarity with audit, business and segregation of duties, risks, and controls
• Knowledge of security legislation such as Sarbanes-Oxley (SOX), SAS 70/SSAE 16, ISO 27001/27002 and NIST standards desirable
• Excellent communication and presentation skills
• Ability to work independently with flexibility and excellent judgment
• Ability to work effectively under pressure to meet deadlines
• Ability to work cooperatively as part of a team
• Experience in performing security investigations
• Be able to obtain government security clearance
CISSP or CISA desired