Our client is looking to fill a full-time remote perm position as Security Engineer
in its Legal & Compliance Department. This position is responsible for designing, deploying, and maintaining information security systems to align with our security policies and validate compliance with company policies and procedures through auditing and monitoring of information systems.
This position will be remote. Candidate may work where they live anywhere in the United States.
What You’ll Do
What You’ll Need
- Ensure security operations and controls are effective and meet the needs of the security program.
- Support the central event log systems by monitoring event logs in accordance with schedule to proactively identifying security events, remediating security threats, and managing content filtering and alerting rules.
- Lead the vulnerability management program by conducting vulnerability scans, researching results identifying true/false reports, and providing guidance for escalation requirements.
- Design and implement overall security architecture including documentation, sub systems, technology, deployment, and visibility.
- Assist the Director, Corporate Security in the development and maintenance of controls to meet ISMS objectives.
- Participate in development and maintenance of security policies and procedures to ensure compliance with relevant laws, regulations, and standards.
- Assist in the ongoing maintenance of the organization’s security training and awareness program.
- Lead and/or assist Information Technology in Incident Response and the analysis of security events.
- Monitor and respond to alerts to identify potential cyber-attacks.
- Write comprehensive reports including assessment-based findings, outcomes, and propositions for further system security enhancement.
- Document security procedures for infrastructure, networks, authentication, and authorization.
- Architect and maintain security and threat modeling, alerting, and mitigation protocols, while automating repeatable tasks.
- Serve as a trusted expert security advisor both internally and externally.
- Bachelor’s Degree preferred
- Security certification preferred (CISSP, CASP+, CEH, GSEXC, CCSP, Azure SEA, etc)
- 5+ years in information security
- Experience with security operations and threat management.
- Deep understanding and experience in building and managing security infrastructure such as WAFs, intrusion detection, endpoint protection, SIEM, and log management technology.
- Thorough understanding of information security concepts, principles, protocols, techniques, and mitigation strategies.
- Familiar with security software products and audit tools (Nessus/Tenable, Alien Vault, Alert Logic)
- Strong knowledge of cloud security (Microsoft Azure or AWS)
- Knowledge of relevant laws, regulations, and standards that apply to personal and confidential information (HIPAA, FISMA, SOX, PCI-DSS, GLBA, etc)
- Experience with scripting languages such as Python and Perl
- Strong problem-solving skills, and an ability to work under pressure.
- Excellent communication and relationship building skills and the ability to tailor messages to a wide variety of audiences, from executives to individual contributors.
- Experience working with cross functional teams, including Information Technology, engineering, support, operations, etc.