Sr Security Engineer

This position analyzes the information security environment, identifies the requirements and develops measures, processes and systems to safeguard information against accidental or unauthorized modification, destruction or disclosure. Confers with team members, management, development personnel, risk assessment staff, auditors, facilities and security departments and other relevant personnel to identify and implement security plans for data, software applications, hardware, telecommunications, and computer installations.

Researches and determines methods of implementing and enforcing security policies. Advises resource owners on formation of appropriate security policies. Mentors other staff members on security topics.

Serves as primary driver to identify securable resources and mentor/assist business staff in selecting appropriate resource owners.

Works with resource owners in business organizations to determine appropriate security policies for securable resources.

Consults with IT technical services staff to evaluate, select, install and configure hardware and software systems that provide appropriate security functions.

Mentors, leads or assists resource owners and IT staff in understanding and responding to security audit failures reported by internal and external auditing departments.

Determines processes and oversees review of operation logs and event console activity to determine cause of security-related events or to identify potential security related events.

Advises security administration staff on normal and exception processing of security authorization requests.

Determine appropriate level of documentation. Documents security policies and maintains resource classification scheme. May be required on occasion to present information on security status, project status and security training to audiences from management to field staff as appropriate.

Proactively protects the integrity, confidentiality and availability of information in the custody of or processed by the company by: responding in a timely manner to a loss or misuse of information assets; leading and participating in investigations of suspected information security misuse or in compliance reviews as requested by auditors; communicating unresolved security exposures, misuse or noncompliance situations to management.

Consults with IT management to ensure selection and use of realistic enforcement mechanisms.

Oversees review of security policies and resource classification scheme; keeps management informed of project status.

Provides technical expertise and guides the administration of security tools that control and monitor information security, including: updating access control tables; setting up user logon ids and assigning/resetting passwords; designing computer system access reports to identify possible security violations.

Researches, defines, develops and maintains effective disaster recovery plans, processes and procedures necessary to recover services in the event of a declared disaster. Provides direction and in house consulting in these areas.

Researches, evaluates, designs, tests, recommends and plans implementation of new or improved information security software or devices.

Analyzes new software applications or tool implementations for implications to existing security software and devices.

Defines curriculum and trains information owners in the implementation of necessary computer security controls or new/upgraded security software and devices.

Develops and implements information security educational programs, conducting awareness seminars and workshops as appropriate.

Maintains technical reference library. Develops technical information materials and workshops on these new areas for IT as appropriate.

This job profile is not meant to be all inclusive of the responsibilities of this position; may perform other duties as assigned or required.

Bachelor’s degree in Computer Science, Computer Information Systems, Business Information Systems, Engineering, Information Security, or related discipline or equivalent work experience and technical training is required.

Industry certifications, including one or more of the following: CISSP, CISA, CISM, SANS GIAC, or other industry specific certification.

Master's degree is preferred.

Minimum 5 years of experience in Information Security.

6+ years of experience in IT with a broad range of exposure to business planning, systems analysis, security solutions, application development and infrastructure support.

Experience in IT must include exposure to systems analysis, security solutions and application development, and infrastructure support.

Familiarity with information security standards, including NIST, COBIT, ISO 27001, ITIL.

Experience in data administration and security methods plus experience in various…