Information Security Engineer (4001050083) Chattanooga, Tennessee
|Salary:||USD95000 - USD98000 per year + Commensurate|
Hudson, a division of Hudson Highland Group, Inc. (NASDAQ: HHGP), a $1.2 billion global company, is one of the world's leading professional staffing, outsourcing and employment lifecycle solution providers. We are looking a hands-on Information Security Engineer. This is a permanent position for our client in Chattanooga, TN.
** Client is offering relocation assistance! **
- The Information Security Engineer works in support of Information Security and Compliance requirements across the client’s organization, collaborating with all departments, customers and partners.
- The Information Security Engineer will provide planning, technical expertise, and direction regarding computer and network security modeling services for both local and wide area host network resources. In addition to this security modeling the Information Security Engineer will be leading the exploit, vulnerability and penetration testing and analysis efforts in support of the client and the client customers.
- This position will also be responsible for tactical incident response service including forensics in addition to performing services like vulnerability assessments, FW/IPS/IDS analysis, security education, and interpretation to customers.
- The Information Security Engineer is the information security subject matter export and a key member of the Patch Management Program, providing exploit and vulnerability analysis and the investigation and testing of exploits and building remediation following Patch Management processes.
- This position will maintain a broad knowledge of current and emerging state of the art computer/network system technologies, architectures, and security products.
Responsibilities and Duties:
- Works on a team within the Information Security and Compliance organization, focusing on IT Security programs, processes and initiatives, acting as the central point of contact and collaborating with other organization units within the company in these matters.
- Performs exploit, vulnerability and penetration assessments that identify current and future internal and external security vulnerabilities, provides necessary information to derive decisions about risk acceptance and risk mitigation, and identifies the best ways to reduce information security risks.
- Lead/Participate on interdisciplinary teams of Engineers, Architects, and Operations personnel to ensure best practices, security education and risk mitigation.
- Defines baseline security configurations for operating systems across multiple platforms per the Security Technical Implementation Guides and best practices.
- Analyze and asses computer/network architecture requirements and determine optimum, cost-effective security solutions.
- Work with Architects and Project Managers to develop, plan, and implement system enhancements and upgrades to meet the organizations compliance requirements.
- Assess security posture of internal and external customers/entities through regular assessments (Internal and External Vulnerability scanning, Firewall, VPN, War Dialing, Wireless Security, Social Engineering, Host Security Configuration, Network Design, Mobile, Physical Security, and Virtual Infrastructure Security) and a remediation Plan of Action and Milestone (PoAM)
- Perform vulnerability scanning and penetration test. Ability to analyze the information and determine the risk to the organization.
- Review Intrusion Detection and Prevention/Firewall information to perform analytics and forensics methodologies.
- Knowledge of computer security systems, applications, procedures, and techniques to meet regulatory compliance initiatives.
- Implementing, configuring, and managing security monitoring tools.
- Conduct technical research and analysis related to cyber security, primarily in the areas of forensics and reverse engineering of malware.
- Develop multidisciplinary solutions to a wide variety of complex technical problems. Ability to adapt and resolve unforeseen or novel technical problems
- Supports the client security compliance program, ensuring all external compliance requirements are identified, current compliance status is identified, and remediation actions and protects are identified, prioritized, and tracked to completion.
- Ensures adequate and effective IT controls exist to meet current and future security compliance requirements found in laws and regulations such as requirements to comply with SSAE 16 SOC I & II, PCI-DSS (Payment Card Industry) Security Standards, HIPAA, state and federal Privacy law.
- Understand and implement best practices based off the foundations such ISO 27001, NIST, and COBIT.
- Acts as a liaison regarding the work of information security consultants, contractors, temporaries, and outsourcing firms related to areas of responsibility.
- Provide assistance and consulting services to the client’s client base to help manage their compliance programs.
- Assists with the implementation of company-wide security awareness and education programs that are aligned with security policy, standards, regulatory requirements, and industry practices.
- Senior level individual Contributor. Works under direction of management in a team oriented environment as well as independently. Responsible for contributing to the management of one or more medium to large-sized highly complex programs and projects.
- Develop and maintain a deep understanding of value drivers for the client and customer business units in order to inspire and achieve innovative value creation strategies.
- Establishes and maintains strong working relationships with groups involved with information security and compliance matters such as the Information Technology Managed Services Department, Application Services Department, HR and customer compliance organizations.
- Possess the relationship skills, cultural awareness, and organizational prowess required to work effectively in a highly-matrixed organization. Capable of delivering results through a position of influence, not authority. Takes personal initiative and is a positive example for others to emulate.
- Maintain industry relationships and look to all sources available to develop the best technology strategies
- This position will report to the Information Security Compliance Manager.
- Adept at communicating complex concepts to diverse audiences with varying skills sets.
- Written and verbal communication skills are critical. Must be able to communicate with the technology providers as well as with business leaders. An ability to understand the technical details and communicate the essentials at a high level is essential
- Experience designing and securing large-scale, multi-tier application and network deployments in collaboration with development, network and system engineering teams.
- Understanding of applicable regulatory requirements including SSAE16 SOC I & II, PCI DSS, FFIEC and HIPAA.
- Familiar with foundation such as ISO 27001, NIST, and COBIT.
- 3 years’ experience in Information Security and 3 to 5 years in Information Technology.
- 3 years experienced in methodologies and tools for exploiting vulnerabilities (experience with BackTrack tools, vulnerability scanners, Metasploit, and wireless penetration technologies.
- Bachelor’s Degree in Information Systems or Equivalent Professional Experience
- Proven, broad, in-depth technical knowledge of Security principles and process is required.
- Security Management Certifications or ability to obtain within 12 months (CISSP, CISM, FITSP-M)
- Security Technical Certifications and training focused on Penetration Testing recommended but not required.
- Network Certifications recommended but not required (CCNA, CCNP)