Lead Information Security Engineer REMOTE
Posted on Oct 24, 2020 by Request Technology - Craig Johnson
*This is a remote role*
Prestigious Enterprise Company is currently seeking a Lead Information Security Engineer. Candidate will be responsible for implementing, maintaining, monitoring and managing secure solutions. The security engineer delivers these solutions in accordance with the architectural designs, best practices, and regulatory or compliance requirements. As risks change, the security engineer is responsible for recommending modifications and enhancements to ensure the organization is evolving with the threat landscape. It is important to recognize the senior nature of this role and the expectations regarding innovation, self-motivation, and initiative as they pertain to securing the environment. This role will partner and coordinate with other teams outside of security, and outputs from this role will generally be the result of complex analysis, research, and thoughtful innovation.
As an advanced skill-set position, the senior security engineer reports to the security manager and frequently interacts with stakeholders from within and outside of the Information Technology discipline. The security engineer is responsible for designing security solutions that protect the business, but also allow the business to execute and innovate. The security engineer works closely with many diverse and dynamic teams, including, but not limited to, Governance Risk and Compliance, IT Infrastructure & Operations, application development, security operations, and business unit contacts. This position is also responsible for participating in the design of solutions to secure business-to-business initiatives, third-party relationships, outsourced solutions, and vendors. As an experienced senior level role, the candidate will be empowered to make decisions which carefully and thoughtfully balance security with delivering business outcomes. This position requires a significant level of analytical thinking to properly deliver rational outcomes and report on security findings.
The security engineer is expected to contribute to the corporate security strategy with security leadership and other senior security staffers and technologists. Recipients of the security engineer's implementations and management include GRC, IT Infrastructure & Operations, application development, security operations, and business unit contacts. With an emphasis on securing systems, applications, third-party connections, service providers and ancillary systems, the security engineer is responsible for securing business-to-business initiatives, third-party relationships, outsourced solutions, and vendors. Considered a highly knowledgeable individual, the security engineer is expected to implement, monitor, and manage secure solutions that address modern-day issues. To be successful, this individual must fully understand systems life cycle/design and recognize where security input is required and/or valuable.
- Highly technical and analytical expertise, with a proven deep background in secure technology design, implementation and delivery. This individual must be comfortable providing metrics, analysis, and quantitative/qualitative evidence when necessary to drive a security outcome.
- Familiar with cloud technologies such as AWS, Azure, and GCP. Comfortable with a Scripting language such as Python, PHP, or Ruby. Familiarity with SQL and SPL.
- Broad understanding of Systems Security Engineering, NIST security domains, risk processes, and overall security architecture/design as it pertains to the engineering of trustworthy systems. Familiar with regulatory requirements and industry control frameworks such as PCI DSS, GDPR, ISO 27001/27002, SP 800-53, and DoD CMMC.
- Familiar with Microsoft Windows, MacOS, and other enterprise-grade operating systems such as Red Hat Enterprise Linux, Windows Server, and SUSE Linux.
- Intermediate to advanced understanding of networking and network devices, such as Routers, Switches, load balancers, and associated protocols.
- Extensive knowledge of traditional security controls and technologies, such as Security Information and Event Management (SIEM) systems, intrusion detection/prevention systems (IDS/IPS), public key infrastructure (PKI), identity and access management (IDAM) systems, antivirus, and Firewalls. Deep familiarity with newer technologies/offerings such as endpoint detection and response (EDR), threat intelligence platforms, security automation and orchestration (SOAR), deception technologies, and application security controls are highly valuable and will ensure the candidate holistically approaches enterprise security opportunities.