Thursday, October 18, 2018

Information Security Engineer

Immediate need for Information Security Engineer, Full-Time position in Issaquah, WA

Description of position:
The role of every Information Security team member is to support the overarching values and business goals of Client Wholesale as they relate to meeting legal, ethical and regulatory obligations; protecting member privacy; and maintaining a security technology environment for our operations. The Information Security Engineer provides consultative services, works with vendors for product consideration and recommendation, performs monitoring and auditing of information system activities, creates and maintains documentation related to policies, standards and procedures; and, mentors team members with lesser subject matter expertise.


Tasks and responsibilities:
Works with stakeholders to provide security solutions that support their business requirements

Works to create roadmap for consolidation and integration of enterprise and/or security platforms

Performs the project manager role on security-related projects
Identifies existing security gaps and design remediation efforts to address those gaps

Assess and/or design centralized user and configuration management systems

Performs and/or coordinate regular security assessments of existing or new infrastructure

Performs duties necessary to assist in establishing practices and system configurations to ensure the safety of information systems assets and to protect information systems from intentional or inadvertent access or destruction

Works with information systems custodians (i.e., department managers, user community and systems administrators) at different levels in the organization to understand their respective security needs and assist with implementing practices and procedures consistent with Client’s Information Security Policy
Assists with monitoring and auditing of information systems activities and systems to confirm information security policy compliance and provide management with security policy compliance assessments and system monitoring reports

Develops and maintains centralized information systems security standards, procedures, and guidelines

Identifies, develops, and implements mechanisms to detect security incidents in order to enhance compliance with and support of security standards and procedures in place.

Conducts security risk assessments on new products and systems, periodic security risk assessments on existing systems and identify and/or recommend appropriate security countermeasures and best practices

Responds to discovered security incidents by informing appropriate custodians, determining root cause, and identifying and executing remedial actions (if necessary) required to re-establish respective information system security

Coordinates activities or engagements with loss prevention, interact with legal and law enforcement as required

Assists in other areas of the department and company as necessary

Required skills, abilities, and certifications:
A Bachelor’s degree in Computer Science or a minimum of 6 years of information systems security experience in a leadership role preferred
One or more professional security certifications such as CISA, CEH, GIAC or CISSP (or equivalent experience)

Ability to work effectively, independent of assistance or supervision
Innovative, creative, and extremely responsive, with a strong sense of urgency

Willing to share knowledge and assist others in understanding technical and business topics

Willingness to work outside of regular business hours as required which can include evenings, weekends and holidays

Experience with firewalls, routers, load balancers and DMZ silos, and packet capture technologies helpful

Working knowledge of information systems security standards and practices (e.g., access control and system hardening, system audit and log file monitoring, security policies, and incident handling)

Demonstrated experience of “hands on” security knowledge of the following platforms: Windows in a large Active Directory environment, Linux, AIX, Ubuntu and other UNIX variants

Web technologies such as Websphere, IIS, Apache, IHS
Scripting knowledge including Perl, Python, Powershell, etc.
Ability to clearly communicate Information Security matters to executives, auditors, end users, and engineers, using appropriate language, examples, and tone

Experience with tools such as NMAp, NetCat and Enum
Experience with IDS (Sourcefire, SNORT) and SIEMS technologies such as ArcSight, Splunk ES

Working knowledge of protocols and technologies such as TCP, UDP, SSL/TLS.

Working knowledge of HTML, CSS, JavaScript and WML

At least one technical certification related to a major Client platform (Microsoft, Linux or Cisco)

Ability to interpret information security data and processes to identify potential compliance issues (SOX, HIPAA, PCI)

Ability to quickly understand security systems in order to identify and validate security requirements using logical, risk based prioritization methods

Experience with performing computer forensics and analysis
Technical Recruiter
Office# 732-481-2938