Sr. Information Security Engineer
Location: Phoenix AZ - Technology & Digital Commerce Center
I. SUMMARY STATEMENT
Provides team leadership and subject matter expertise on security technologies and architecture, protocols, processes, and topographies, and serves as a trusted security partner to the business units.
Reports to Director, Information Security. No direct reports.
III. PRIMARY DUTIES AND ACCOUNTABILITIES
Leads the Information Security Team in the design and implementation of security and architectures to ensure the appropriate security guidelines, policies and procedures are in place to adequately address threats and vulnerabilities.
Partners with Technology and Business Unit control owners to serve as a security expert and trusted advisor in providing risk monitoring and mitigation guidance in alignment with industry best practices and regulatory requirements.
Serves as the primary assessor of networks and systems to identify, report on, and provide guidance in the remediation of security gaps to include:
Responding to Information Security threats, ensuring that company information assets remain secure
Performing incident response activities as necessary
Manages and performs product evaluations, recommends and implements products/services for Information Security that support strategic operational needs and security requirements. Validates and tests security architecture and design solutions to produce detailed engineering specifications with recommended vendor technologies. Trains other team members on new security solutions and transitions ownership, where possible, upon successful implementation.
Assesses the production environment on an ongoing basis to ensure that it remains compliant with external regulations and company Information Security Policies and Standards
Assists Director with security strategy development and risk prioritization
IV. SKILLS, EDUCATIONAL BACKGROUND AND EXPERIENCE
Education, Experience and Knowledge
Bachelor's Degree in Computer Science, Information Systems, Engineering, or equivalent experience
12 years general IT experience
Minimum 5 years of professional Information Security experience
Previous experience in configuring and implementing heterogeneous technologies and standards across complex business and operational environments
Experience responding to and leading security incident response efforts
Up-to-date understanding of exploits and current vulnerabilities
Knowledge of the Payment Card Industry Data Security Standard (PCI DSS)
Knowledge of the following technologies:
1. Multi-vendor firewalls and border routers, and other internetworking technologies
2. Web Application Firewalls (WAFs)
3. Intrusion detection/prevention systems
4. Multi-factor authentication & access controls
5. Authorization controls
6. Protocol analyzers
7. Vulnerability scanners and exploit frameworks
8. Network protocol analysis, design, implementation and maintenance
9. Network and server virtualization solutions
10. Encryption protocols for protecting data in transit and at rest
11. Security Information and Event Management (SIEM) solutions
Experience with Information Security architecture models
Experience identifying and remediating control weaknesses in manual and automated processes
Excellent verbal, written and listening communication skills
Superb customer service skills
Exemplary interpersonal skills necessary to interact effectively with team members, project managers, developers, engineers, vendors, users and business analysts as well as executive and senior management
Strong presentation skills
Able to work under pressure and balance workload to ensure measurable progress on multiple high priority projects.
Ability to lead and prioritize multiple assignments supporting business as usual, user requests as well as special projects.
Able to work both independently as well as collaboratively achieving results within established timeframes with no supervision.
Ability to train less experienced team members on new security technologies and architectures such that other team members will become self-supported with minimal oversight following conclusion of training.
Ability to present to large groups and Senior Management
Ability to identify and provide hands-on remediation for security vulnerabilities
Ability and willingness to accommodate demanding work schedules that vary based on system release and/or network update schedules
Ability to travel up to 10% to scheduled and unscheduled events throughout the United States and to potentially international locations.
Advanced Information Security certification required (CISSP and/or SANS)
Previous experience in Java development, network, or systems administration
Proficiency in scripting (Perl, Python, etc.)
Experience with AWS
Experience with hotel technology