Senior Security Infrastructure Engineer

Senior Security Infrastructure Engineer

Remote type: Remote
Locations: Nationwide
Time type: Full time
Posted on: Posted 5 Days Ago
Time left to apply: End Date: February 15, 2025 (5 days left to apply)
Job requisition id: R.0049650

Our vision for the future is based on the idea that transforming financial lives starts by giving our people the freedom to transform their own. We have a flexible work environment, and fluid career paths. We not only encourage but celebrate internal mobility. We also recognize the importance of purpose, well-being, and work-life balance. Within Empower and our communities, we work hard to create a welcoming and inclusive environment, and our associates dedicate thousands of hours to volunteering for causes that matter most to them.

Chart your own path and grow your career while helping more customers achieve financial freedom. Empower Yourself.

As a Senior Security Infrastructure Engineer, you will:

• Provide direction to the team for information security policies, standards, and procedures that adhere to industry best practices.
• Implement security hardening standards for IT Infrastructure related to Firewall, Web Application, Network Access Control, Remote Access, Multi-Factor Authentication, Endpoint, End User Computing, Server, Emergency Detection and Response, and similar security components.
• Help define the direction for infrastructure security to ensure alignment with established policies and controls.

What you will do:

• Conduct security operations necessary to maintain the confidentiality, availability, and integrity of enterprise data and information systems.
• Maintain security tools and technologies throughout the enterprise environment, including but not limited to firewalls, proxies, remote access VPN, cloud security, SaaS security, data protection, bastion hosts, vulnerability management, packet brokers, packet captures appliances, SIEM, log forwarding, network access control.
• Evaluate, design, and implement security-related solutions, adhering to established change control processes.
• Provide technical security planning, implementation, configuration, support, and troubleshooting services on all security technologies.
• Coordinate with systems and network engineers to ensure servers and network devices conform to security standards, and that security devices and controls are working as designed.
• Assist with the development, implementation, and administration of information security policies, standards, and procedures, adhering to industry best practices.
• Assist in defining the security strategy and integrating regulatory compliance requirements (e.g., PCI, GLBA) into the organizational security roadmap.
• Assist in ensuring that the corporate IT environment is secure and complies with all internal and external audit requirements.
• Implement and maintain cryptographic controls (e.g. data at rest, data in transit) in line with security requirements.
• Participate in 24x7 on-call rotation.

What you will bring:

• 5+ years of experience with managing security controls, including defining policies and administering devices such as Cisco and Palo Alto Networks firewalls, IDS/IPS platforms, DLP devices, e-mail/web filtering solutions.
• 6+ years of technical experience working with security solutions and conducting security operations.
• 6+ years of network security experience and reviewing security tools and solutions and making recommendations on utilization and strategy.
• 6+ years of experience with network protocols, data flows, and attacks within an IP environment.
• 5+ years of experience in building configurations for security devices and building an automated process to support large-scale deployment.
• 3+ years of experience with commercial and open-source security applications and technologies (e.g. malware prevention, DLP, IDS/IDP, cryptography, vulnerability scanning and penetration testing), as well as related protocols and tools (e.g. SSH, SSL/TLS, snort, port scanners, rootkit detectors, etc.).
• 2+ years of experience performing network and application security administration, penetration testing, and/or threat assessments ISSP, GIAC certification(s).
• 2+ years programming/scripting experience – one or more of: C, C++, Java, Perl, PHP, Python, shell.

What will set you apart:

• Certifications (or their equivalent) such as AWS Associate Solution Architect, PCNSE, CISSP, Aruba Certified Clearpass Associate or better, Cisco Certified Network Associate or better (CCNP Security, CCIE Security) or Cisco ISE Certification (300-715 SISE).
• Demonstration or presentation of detailed implementation/cutover planning that illustrates your ability to safely implement technologies.
• Github repository showing proficiency in programming/scripting.
• A passion for Web Application Security, Container Security, or Network Access Control.
• Extensive knowledge and experience with security software, firewalls, intrusion detection systems, and other security systems and network monitoring.
• Extensive hands-on technical knowledge of network systems, protocols, and standards such as Ethernet, LAN, WAN, and TCP/IP.
• Experience as a security specialist in a regulated IT environment including some combination of SOX, HIPAA, GLBA, PCI and responsible for compliance and performing/coordinating audits (1+ years).

What we offer you:

• Medical, dental, vision, and life insurance.
• Retirement savings – 401(k) plan with generous company matching contributions (up to 6%), financial advisory services, potential company discretionary contribution, and a broad investment lineup.
• Tuition reimbursement up to $5,250/year.
• Business-casual environment that includes the option to wear jeans.
• Generous paid time off upon hire – including a paid time off program plus ten paid company holidays and three floating holidays each calendar year.
• Paid volunteer time — 16 hours per calendar year.
• Leave of absence programs – including paid parental leave, paid short- and long-term disability, and Family and Medical Leave (FMLA).
• Business Resource Groups (BRGs) - internal networks that rally around common interest, experiences, and identities such as race, ethnicity, gender, ability, military status, and sexual orientation. BRGs play a vital role in educating and engaging our people and advancing our business priorities.

Base Salary Range: $123,000.00 - $178,350.00

The salary range above shows the typical minimum to maximum base salary range for this position in the location listed. Non-sales positions have the opportunity to participate in a bonus program. Sales positions are eligible for sales incentives, and in some instances a bonus plan, whereby total compensation may far exceed base salary depending on individual performance. Actual compensation offered may vary from posted hiring range based upon geographic location, work experience, education, licensure requirements, and/or skill level and will be finalized at the time of offer.

Equal opportunity employer • Drug-free workplace

We are an equal opportunity employer with a commitment to diversity. All individuals, regardless of personal characteristics, are encouraged to apply. All qualified applicants will receive consideration for employment without regard to age (40 and over), race, color, national origin, ancestry, sex, sexual orientation, gender, gender identity, gender expression, marital status, pregnancy, religion, physical or mental disability, military or veteran status, genetic information, or any other status protected by applicable state or local law.

***Applicants must be authorized to work for any employer in the U.S. We are unable to sponsor or take over sponsorship of an employment visa at this time, including CPT/OPT.***