Security Engineer II

Job Title: Security Engineer II

Duration: Direct Hire

Location: Remote

Purpose: The Security Engineer II collaborates with the VP of Security and Compliance to ensure the company's technology assets and infrastructure are appropriately protected in compliance with our regulatory and contractual requirements.

1. Assists in carrying out the VP of Security and Compliance responsibilities in system security planning.
2. Responsible for developing and implementing company-wide Information Security systems, and Business Continuity/Disaster Recovery (BC/DR).
3. As changes occur in the existing IT system environment (e.g., expansion in network connectivity, changes to existing infrastructure, organizational policies, and introduction of new technologies), the IT Security Engineer uses the Risk Management process to identify and assess new potential risks and implement new security controls as needed to safeguard IT systems.
4. Identify, evaluate, and minimize risks to the systems that support the enterprise mission.
5. Act as consultant in support of senior management to ensure that security activities are taking place on an appropriate ongoing basis.
6. Facilitate through written policies, procedures and training the incorporation of security into all business units.
7. Facilitate the execution of appropriate BC/DR principles into all business units.
8. Ongoing project and systems integration responsibilities in coordination with departments, vendors, subcontractors, and clients.
9. Coordinates the development, review, and acceptance of system security plans with information system owners, information system administrators and users.
10. Provide ongoing support for organizations' security programs.
11. Provide ongoing support for organizations' risk management programs.
12. Facilitate the incorporation of security principles into business units.
13. Facilitates the execution of appropriate BC/DR security principles into the physical facilities.
14. Supports enterprise policies as they relate to Information Security.
15. Develop documented security policies and procedures.
16. Monitor industry standards as they relate to Information Security.
17. Publish written and electronic security policies, standards, and training.
18. Implement technical standards as they relate to policies and procedures.
19. Coordinate the audit and remediation of annual & quarterly security reviews as they relate to IT security systems.
20. Supports Compliance and Audit requirements.
21. Develop documented security audit policies to maintain required compliance.
22. Publish and deliver security policies, standards, and training.
23. Monitor technical standards as they relate to security compliance and audit requirements.
24. Coordinate the audit and remediation of annual & quarterly security audit results as they relate to IT security systems.
25. Identify and remediate facilities security issues and requirements as they relate to compliance with both industry and client standards.
26. Supports Business Continuance & Disaster Recovery initiatives and maintenance.
27. Implement and provide ongoing administrative support of the BC/DR Framework.
28. Facilitate implementation of appropriate BC/DR principles in physical facilities.
29. Agrees and adheres to the code of professional ethical conduct.
30. Support the work of, and perform in the absence of, Security Engineer duties.
31. Required to attend mandatory meetings and trainings, work scheduled overtime with minimal notice, and perform other duties as assigned per business needs.

To perform the job successfully, an individual should demonstrate the following:

1. Must be at least 18 years of age.
2. Able to read, write and speak English.
3. Successfully pass and maintain acceptable background checks and security clearances.
4. Bachelor's degree in Computer Science or related discipline from an accredited college or university and 3–5 years overall experience in hands on technology role; 1–3 years direct experience in an Information Security engineering role. In lieu of Bachelor's degree 5-7 years related experience may be considered.
5. Experience with architecting, designing, and building IT security solutions.
6. Knowledge of industry standards related to FISMA/DoD, HIPAA, Sarbanes-Oxley, and PCI.
7. Knowledge and experience with Disaster Recovery methodology and best practices.
8. Knowledge of networking systems including firewalls, routers, switches, and IDPS systems.
9. Understanding of control implementation against frameworks such as NIST and ISO to meet compliance requirements.
10. Working understanding of OWASP.
11. Possess professional qualifications, including training and experience, required to develop and review system security plans.

CISSP, CISM, CEH, CPT, MCSE, NSE are highly desirable

1. Experience with IDS/IPS technologies, firewall technologies (Palo Alto highly desired), anti-malware systems and advanced end-point protection, Windows Server, and Active Directory technologies, DAST & SAST technologies, cloud or premise based SIEM technologies.
2. Experience using scanning technologies such as Alert Logic, NESSUS.
3. Working knowledge of encryption and associated technology and knowledge of systems development in a .Net stack.
4. Experience with Microsoft Office Professional Suite, Altassian JIRA and Confluence project management software.