Advantage Tech is assisting a long term client of ours with finding their next Information Security Engineer. This position is under limited supervision and will provide expertise in all areas of information security. Primarily responsible for safeguarding the Client’s technology infrastructure and strengthening the Client’s overall information security posture. Researches emerging threats and trends and recommends standards and procedures to mitigate risk across the organization. Architects and implements advanced solutions to proactively address security threats and vulnerabilities. Serves as the subject matter expert and liaison for cybersecurity to business departments and vendors.
- Provides third-tier support and assists junior staff for all security devices, applications, and processes, including perimeter security, endpoint security, user access provisioning, and risk assessment.
- Helps plan and carry out the Client’s information security strategy, based on emerging threats and trends, recommends standards, conventions, controls, policies, and procedures in all areas of information security.
- Architects, designs, and deploys advanced technology solutions leveraging on-premise and cloud-based infrastructure. Maintains high levels of posturing, monitoring, and access control within those environments.
- Administers the Client’s vulnerability management program. Conducts analysis of active vulnerabilities and presents residual risks and mitigation strategies to senior leadership.
- Facilitates and continuously evolves the cybersecurity risk assessment process for the Client’s third-party vendors. Documents inherent and residual technical risks and communicates them to business leaders to guide decision-making.
- Provides education to business partners on information security through training and building awareness, including emerging threats and industry trends.
- Performs other duties as assigned.
- Strongly self-motivated interest in the position and information security in general.
- Advanced verbal and written communication skills, including presentation ability.
- Well-developed documentation skills and attention to detail.
- Accessible via cell phone during core client hours, as well as after-hours, as needed, to provide support for normal business operations.
- Extensive knowledge of multiple network and security platforms, including firewalls, intrusion detection/prevention systems, remote access devices, vulnerability scanning tools, patch management systems, anti-virus systems, etc.
- Ability to quickly learn new technologies and manage security issues surrounding them.
- Protect business records created or used in business processes to ensure availability, confidentiality, integrity, and the retention and destruction of such as specified by relevant policies.
- Ability to handle multiple tasks simultaneously, ability to problem solve, memory for details, ability to prioritize, and ability to maintain concentrated mental and visual attention for sustained periods.
- Demonstrates a commitment to diversity and inclusion (D&I) by taking actions that are consistent with D&I program. Provides reporting to the Office of Minority and Women Inclusion (OMWI), as needed, as well as partners with OMWI to implement effective policies and procedures that incorporate D&I into business activities.
Knowledge and Skills:
- Eight to ten years of information security or closely-related professional experience.
- Bachelor’s degree and/or equivalent work experience.
- Courtesy, tact, and diplomacy are essential elements of the job. Work involves much personal contact with others inside and/or outside the organization, generally regarding routine matters for purposes of giving or obtaining information which may require some discussion.
- Certified Information Systems Security Professional (CISSP) certification preferred.
- Expert-level understanding of networking techniques and protocols. Advanced networking certification preferred, such as Cisco Certified Network Professional (CCNP).
- Additional industry certifications in audit or other IT-related areas preferred, such as Certified Information Systems Auditor (CISA) or Microsoft Certified Solutions Associate (MCSA).
- Working knowledge of industry standards regarding security devices and procedures.
- Strong customer service orientation.
- Experience working in a highly-regulated environment.