Home Job Postings – Security Engineer III This topic has replies, 0 voices, and was last updated 2 years ago by Andrew Baek. Now Editing “– Security Engineer III” Name * Password * Email Topic Title (Maximum Length 80) Company * Location Expires at RESUME TO INFO@A2ZRETURNVALUES.COM 이력서 검토후 연락드리겠습니다. Security Engineer III Purpose of this position: Participate in all information systems and network security aspects, including intrusion detection, incident response, vulnerability assessment, application security, and corporate information security policy compliance. Primarily be responsible for implementing, operating, and improving security technologies, including DLP, Antivirus, IPS/IDS, End Point Protection, Database Activity Monitoring, Web Application Firewall, and processes. Essential Functions: Security Engineering - Design, build, test, and deploy new security technologies, which include the development of the operational manual and run books - Provides technical security operations engineering services to support and update existing security systems and works to automate processes related to security implementations, monitoring, and enforcement - Investigates, recommends, evaluates, deploys, and integrates operational security tools and techniques to improve our ability to protect corporate assets and infrastructure - Participate in technical risk assessments and security exposure analyses of systems, networks, and business applications - Analyzes network security elements and overall network security architectural designs to ensure secure and optimal system and network performance and cost-effectiveness - Oversees the installation, configuration, and supportive processes of security technologies - Participate in or lead the Incident Response activities - Interacts with internal and external clients on security operations requirements, identifies security processes, and develops strategies/solutions to security issues - Keeps fully abreast of trends and changing technologies as they relate to IT. Network Engineering and Information Security fields - Lead or assist in periodic or ad-hoc security reports that provide relevant situational awareness to our senior stakeholders Security Operations / Administration - Monitor and manage our networks and infrastructure environment for attacks, malicious software, and possible intrusions, which includes the follow-up of complete remediation of infected systems. - Required to be on-call (after hours) per the established rotational schedule - Implement changes to our security technologies/infrastructure following standard and change control policies/procedures - Evaluate, implement, tune, and operate Security Solutions such as IPS, Vulnerability scanning tools, encryption capabilities, etc. - Monitor and recommend improvements in security technologies and their various reports - Risk Management / Security Audit/Assessment Support / Ad-hoc support - Support security audit / assessment-related activities and compliance reviews - Performs other tasks, duties, and projects as assigned - Provide Ad-hoc support as required. Scope Indicators: 1. Develop and implement cyber security policies and procedures. This includes developing and implementing security controls, risk management, and incident response plans. 2. Conduct security assessments and penetration testing. This involves identifying and evaluating security vulnerabilities in systems and networks. 3. Manage and operate security systems and tools. This includes configuring and monitoring security systems, such as firewalls, intrusion detection systems, and antivirus software. 4. Investigate and respond to cyber security incidents. This involves responding to security breaches, malware infections, and other cyber-attacks. 5. Train and educate employees on cyber security best practices. This includes training on security awareness, password management, and social engineering. 6. Stay current on the latest cyber security threats and trends. This involves reading security blogs and articles, attending conferences, and participating in training courses. Here are some specific indicators that can be used to measure the performance of a Senior Cyber Security position: 7. Number of security incidents prevented or mitigated. This is a measure of the effectiveness of the security controls and procedures that have been implemented. 8. Time to detect and respond to security incidents. This is a measure of the efficiency of the incident response process. 9. Percentage of employees who are security aware. This is a measure of the effectiveness of the security training program. 10. Number of security vulnerabilities identified and corrected. This is a measure of the effectiveness of the security assessment process. 11. Budget spent on cyber security. This is a measure of the organization's commitment to cybersecurity. Supervisory Responsibilities: This position does not have direct supervisory responsibilities. However, a Sr. Cyber Security may lead small project teams or guide junior team members on specific tasks or projects. Required Skills & Education: Education: Bachelor’s Degree in Computer Science, Information Systems or related field, or equivalent experience. Related Work Experience (Yrs.) • Minimum of 7 years of experience performing Security Engineering / Planning / Operations. Skills/Knowledge: • Experience in medium to complex computing environments, with advanced knowledge of security technologies and services • Hands-on experience with at least two or more of the following Enterprise Security Technologies: - Network Intrusion Prevention / Detection - Virtual Private Networks; SSL, IPsec, and Site-to-Site - Enterprise Class Stateful Inspection Firewalls - Network Access Controls in context to Identity management - Windows Server OS & Desktop OS - Network Packet Inspection - Directory Services, including LDAP, AD, and Secure Authentication Technologies • Experience in implementing Information Security technologies and processes required. • High-level understanding of server/virtual machine and network architecture and their security dependencies. • Deep-level understanding of network concepts such as routing & switching, subnetting, DCHP, DNS, etc. • Endpoint Security, including Endpoint Detection & Response (EDR), AV (Antivirus), DLP (Data Loss Prevention) • Web filtering (e.g.: Palo Alto, Forcepoint, Sophos, etc.) solutions and their operation • Experience in defining Information Security strategies and frameworks • Experience integrating security technologies into corporate operations frameworks. • Ability to communicate effectively with client staff at all levels, from technical to executive • Multi-task oriented in a team environment. Demonstrated ability to pay close attention to detail. • Knowledge of Information Security risk assessment methodologies and standards • Experience developing technical documentation, including reports, proposals, statements of work, and whitepapers • Ability to work independently, undertaking and completing project tasks on schedule with minimal supervision Certifications (Required/Preferred): • Security +, CISSP, CISSP-ISSAP, SANS, or other professional certifications applicable to security engineering are preferred. Note: Some travel may be required. Salary Range: $75,880 - $108,500 per yr. I agree to the terms of service Update List
