Security Engineer, Senior
Description Primary Function:
Support and administer all Information Technology security systems.
Responsible for system implementation, administration, incident handling, problem resolution, and vulnerability assessment.
Act as a representative of Information Security for large scale IT projects and corporate audit responses.
Duties and
Responsibilities:
Administer security systems that include but are not limited to firewalls, intrusion detection systems/intrusion prevention systems, web content filtering systems, proxy servers, mail gateways, multifactor authentication systems, and Syslog servers.
Assist in reporting and remediation of findings discovered by regular vulnerability scanning.
Assist in the completion of high priority audits by providing requested information.
Provide security expertise in the areas of vulnerability assessment, incident handling, system hardening, system implementation, and documentation.
Execute tasks using tools such as AppScan, PaloAlto, and Nexpose.
Ensure that vulnerabilities and intrusion attempts are detected and reported accordingly.
Provide recommendations for implementations of layered security solutions.
Review solutions for gaps in security that could impact the organization.
Create and maintain documentation of hardware and software implementations.
Perform after hours support duties on an as-needed basis.
Must comply with law, company policies and procedures, and the highest ethical standards.
Perform other duties as required.
Qualifications:
Associate or Bachelor's Degree in a Technical Discipline or equivalent work related field is required.
A minimum of 5 years' experience with Linux and Microsoft Server OS is required.
A minimum of 5 years' experience in one or more of the following areas is required:
- Application Security - -Implementation and management of WebInspect / Retina / AppScan or similar solutions -OWASP Top 10 / CWE/SANS Top 25 -Investigating security alerts related to web application exploits - Database Security - -Securing access to database resources through access control settings -Database design / support / implementation for multi instance environment (50
apps) -Securing access to database resources through creation of stored procedures and views - Network Security - -Perimeter security devices such as Firewalls, Intrusion Detection Systems and Web Proxy's -Network design / support / implementation for 1000
endpoints -Compliance validation / remediation related to NIST, ISO, PCI, and GLBA control families - Risk & Audit - -Management of findings and remediation tracking -Providing responses for audit activities such as SOC / SOC2 / 912 / SSAE 16 -Evaluation, interpretation, and implementation of security controls such as STIG / CMSR / PCI DSS - Security Operations Center (SOC) - -Systems event collection and analysis related to threat detection -Computer Incident Response Team (CIRT) / Computer Emergency Response Team (CERT) -Managing and configuring Splunk / Arcsight / QRadar or similar solutions Experience with the following is preferred:
-Networking protocols such as IP, TCP/UDP, DHCP, LDAP, Microsoft Active Directory -DNS, SSH, SSL/TLS, RADIUS, NTP, FTP, SMTP, SMB, SNMP -Ethernet, IPSec, 802.
1x Network Access Control, Port-Security, VLANS -Technical documentation -Managing Firewalls, IPS/IDS, Network Access Control, Static and dynamic analysis, vulnerability scanning and remediation -Enterprise Wireless implementation -Certificate Authorities and PKI -Familiarity with PCI-DSS, ISO and SAS70/SOC certifications The following professional certifications are preferred:
-Cisco Certifications (CCENT, CCNA), Network +, Security
-CISSP, SANS, or other Security certifications Essential Job Functions:
Maintain appropriate confidentiality regarding client information; ensure proper destruction of confidential documents, and compliance with Personally Identifiable Information (PII) rules and regulations.
Ability to type at a computer terminal and view input is required.
Ability to sit for extended periods of time is required.
Ability to communicate on a telephone, in person, and in writing with customers, vendors and other network users is required.
Maintain and install equipment may require bending and lifting.
General Information Services, Inc.
, is an Equal Opportunity/Affirmative Action Employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.
#DICEPOST .
Estimated Salary: $20 to $28 per hour based on qualifications.
Support and administer all Information Technology security systems.
Responsible for system implementation, administration, incident handling, problem resolution, and vulnerability assessment.
Act as a representative of Information Security for large scale IT projects and corporate audit responses.
Duties and
Responsibilities:
Administer security systems that include but are not limited to firewalls, intrusion detection systems/intrusion prevention systems, web content filtering systems, proxy servers, mail gateways, multifactor authentication systems, and Syslog servers.
Assist in reporting and remediation of findings discovered by regular vulnerability scanning.
Assist in the completion of high priority audits by providing requested information.
Provide security expertise in the areas of vulnerability assessment, incident handling, system hardening, system implementation, and documentation.
Execute tasks using tools such as AppScan, PaloAlto, and Nexpose.
Ensure that vulnerabilities and intrusion attempts are detected and reported accordingly.
Provide recommendations for implementations of layered security solutions.
Review solutions for gaps in security that could impact the organization.
Create and maintain documentation of hardware and software implementations.
Perform after hours support duties on an as-needed basis.
Must comply with law, company policies and procedures, and the highest ethical standards.
Perform other duties as required.
Qualifications:
Associate or Bachelor's Degree in a Technical Discipline or equivalent work related field is required.
A minimum of 5 years' experience with Linux and Microsoft Server OS is required.
A minimum of 5 years' experience in one or more of the following areas is required:
- Application Security - -Implementation and management of WebInspect / Retina / AppScan or similar solutions -OWASP Top 10 / CWE/SANS Top 25 -Investigating security alerts related to web application exploits - Database Security - -Securing access to database resources through access control settings -Database design / support / implementation for multi instance environment (50
apps) -Securing access to database resources through creation of stored procedures and views - Network Security - -Perimeter security devices such as Firewalls, Intrusion Detection Systems and Web Proxy's -Network design / support / implementation for 1000
endpoints -Compliance validation / remediation related to NIST, ISO, PCI, and GLBA control families - Risk & Audit - -Management of findings and remediation tracking -Providing responses for audit activities such as SOC / SOC2 / 912 / SSAE 16 -Evaluation, interpretation, and implementation of security controls such as STIG / CMSR / PCI DSS - Security Operations Center (SOC) - -Systems event collection and analysis related to threat detection -Computer Incident Response Team (CIRT) / Computer Emergency Response Team (CERT) -Managing and configuring Splunk / Arcsight / QRadar or similar solutions Experience with the following is preferred:
-Networking protocols such as IP, TCP/UDP, DHCP, LDAP, Microsoft Active Directory -DNS, SSH, SSL/TLS, RADIUS, NTP, FTP, SMTP, SMB, SNMP -Ethernet, IPSec, 802.
1x Network Access Control, Port-Security, VLANS -Technical documentation -Managing Firewalls, IPS/IDS, Network Access Control, Static and dynamic analysis, vulnerability scanning and remediation -Enterprise Wireless implementation -Certificate Authorities and PKI -Familiarity with PCI-DSS, ISO and SAS70/SOC certifications The following professional certifications are preferred:
-Cisco Certifications (CCENT, CCNA), Network +, Security
-CISSP, SANS, or other Security certifications Essential Job Functions:
Maintain appropriate confidentiality regarding client information; ensure proper destruction of confidential documents, and compliance with Personally Identifiable Information (PII) rules and regulations.
Ability to type at a computer terminal and view input is required.
Ability to sit for extended periods of time is required.
Ability to communicate on a telephone, in person, and in writing with customers, vendors and other network users is required.
Maintain and install equipment may require bending and lifting.
General Information Services, Inc.
, is an Equal Opportunity/Affirmative Action Employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.
#DICEPOST .
Estimated Salary: $20 to $28 per hour based on qualifications.
|
|
 | |
