Primary Duties and Responsibilities
Develops, integrates and implements enterprise information security architectures and solutions and serves as a security expert on the most critical security issues and complex projects.
Provides expert support and oversight to the information security team and closely works with senior security engineers and IT departments to select and deploy technical controls and solutions to meet specific security requirements; defining standard architecture, that ensures security configurations are maintained and security controls are met.
Develops key security standards to ensure boundary control, the integrity of information and security monitoring technologies are reducing risk.
Provides guidance and direction on best practices for protection of information and closely works with the Director of Enterprise Information Security and senior leadership teams to ensure short and long-term security strategies and plans are in place for the company.
Provides and develops information and input for security policies, principals, and standards to ensure consistent security standards across the enterprise.
Researches and recommends and advocates new technologies/architectures and security products that will support the business security requirements of the enterprise.
Experience securing and architecting cloud-based infrastructures (e.g. MS Azure, Amazon AWS and Google)
Experience in software-based networking technologies a plus Work Environment: Works in a temperature controlled office environment.
Required Qualifications (these are the minimum requirements to qualify):
Bachelor and/or Masters degree in Computer Science, Information Systems, Business Administration and/or equivalent security certification (CISSP, SSCP, GIAC, CEH, etc).
Strong analytical skills to analyze security requirements and relate them to appropriate security controls.
Extensive experience in/with:
Developing security architecture and security policies, principles, and standards. Participating in an enterprise architecture (EA) community, and provides strategic security guidance during the EA process.
Performing research, evaluations, and develop recommendations and plans for the implementation of new or updated information security technologies.
Providing guidance for security activities in the system development life cycle (SDLC) and application development efforts.
Participates in organizational projects, as required. Developing and maintaining documentation for security systems and procedures. Investigating and resolving security violations by providing postmortem analysis to illuminate the issues and possible solutions. Researching threats and vulnerabilities and, where appropriate, take action to mitigate threats and remediate vulnerabilities.
Developing a common set of security tools Defining operational parameters and conducting reviews of tool output.
Provides second- and third-level support and analysis during and after a security incident. Participating in security investigations and compliance reviews, as requested by internal or external auditors.
Maintaining an awareness of existing and proposed security-standard-setting groups, state and federal legislation and regulations pertaining to information security. Identifies regulatory changes that will affect information security policy, standards and procedures, and recommends appropriate changes.
Participation in the design of web application security for an e-commerce site(s).
Securing, Architecting and Integrating Cloud-based Infrastructures. Excellent technical knowledge of Mainstream operating systems, Microsoft Windows and Red Hat Linux and a wide range of security technologies, such as network security appliances, identity and access management (IAM) systems, anti-malware solutions, automated policy compliance tools, and desktop security tools.
Knowledge of: several of languages: (C, C++, Python, Perl, PHP, ASP, SQL, C# and /or Java)
Working knowledge of: Network security technologies (e.g. SIEM, DLP, Firewalls, IDS, IPS, application proxies and routing and switching fundamentals Information security principles, including risk assessment and management, threat and vulnerability management, incident response, and identity and access management.
Network infrastructure, including routers, switches, firewalls, and the associated TCP/IP network protocols and concepts. Regulatory requirements such as PCI, FFIEC and Gramm-Leach-Bliley Act Current systems’ software, protocols and standard Cloud Infrastructures, (e.g. MS Azure, Amazon AWS and Google)