ID
#7266647
Job type
Permanent
Salary
$70000 - $90000 per annum
Source
Vaco Technology
Date
2020-12-23
Deadline
2021-02-21

Security Engineer

Virginia, Richmond, 23298

Permanent

Vacancy expired!

This position is responsible for understanding the best practices and regulatory environment for IT security and privacy and how to practically implement those items. In addition, the candidate is responsible for verifying current security posture and working with system owners to remediate vulnerabilities, ensure regulatory and policy compliance.

Key Responsibilities:

Security Requirements

Working with Senior Information Security Engineer, design, implement and monitor security measures for the protection of computer systems, networks and information.

- Identify, define and communicate information security requirements
- Prepare and document standard security procedures and processes as well as technology specific security baselines
- Consult and advise system owners on the best methods for meeting information security requirements and remediated identified vulnerabilities
- Define system policies for systems users

Security Administration

Perform network security administration

- Configure and maintain security infrastructure devices including database maintenance tasks
- Develop technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks
- Respond to security events and incidents as outlined in the Incident Response Guide.
- Define network systems security requirements and specifications
- Assist with the development and implementation of information security procedures
- Evaluate network system design and configuration for security
- Develop recommendations for systems security upgrades and improvements
- Evaluate the impact of security configuration on system design and performance
- Track metrics for evaluating success of information security processes
- Participate in Information Security on-call rotation

Perform application development related security administration

- Assist senior information security engineers and development staff with the definition of application security requirements
- Define application security standards and polices for users and developers
- Evaluate site design for security compliance
- Evaluate application servers for security compliance
- Evaluate technology and usage trends for impact on security
- Develop recommendations for systems security upgrades and improvements

Perform client security administration

- Ensure that endpoint protection is current and active on all workstation and servers
- Evaluate systems design and configuration for security
- Monitor and report security problems

Participate in network security audits, analyze results and make recommendations for remediation
Develop recommendations for system security upgrades and improvements
Maintain current patch status for all servers and workstation as well as all major applications. Work with system owners to provide current status and ensure that all system patches are up to date
Execute organization wide Security Awareness Program that includes:

- General security awareness training and assessment required for all employees and contractor per Corporate Security Policy
- Significant User training for employees with higher level of security responsibility or elevated privileges
- Periodic optional training and information for all staff on relevant topics

Manage small to medium security projects and efforts

Manage IT and security policies and standards

Assist with definition of security and access requirements
Keep current with industry best practices and standards
Recommend areas of information management and security that require the establishment of policies and standards in the organization
Assess currency and efficiency of IT security polices and standards
Make recommendations for policies and standards to meet new and changing requirements
Develop processes to disseminate and support compliance to policies and standards

Minimum Requirements

2 years of technical experience working in the Information Security field

5 years of experience in the information technology field preferred

Critical Skills

Techincal Requirements:

Security Awareness
Security Incident Response
Vulnerability Management
Antivirantimalware
SIEM
Firewalls
Security Policy Development
NIST 800-53
Security Monitoring
Security Reporting

Additional Skills and Qualifications

Experience leading small to medium projects, assisting with definition, selection and implementation of security tools, technologies and processes
Hands-on experience implementing and administering information security, infrastructure and software systems.
Experience evaluating potential solutions, selecting and recommending the best solution
Experience working with security technologies, such as IDS/IPS, SIEM, access controls, encryption and forensic tools.
Ability to assess and articulate risks, benefits and opportunities associated with a proposed design or solution.
Demonstrated ability to design and implement simple infrastructure, applications, networks and systems with the goal of meeting business and security objectives
Demonstrated ability to design modifications to existing systems that improve security without compromising business objectives
Champion information security throughout the organization

Education:

4-year Degree in Computer Science/Engineering or equivalent IT Information Security experience

Vacancy expired!

Report job