Senior Security Engineer
The Senior Security Engineer is responsible for security system deployments, configuration, monitoring and reporting of security-related events. Provides support to planning and implementing security controls which safeguard and monitor events for information systems, enterprise applications, outsourced services and data. Provides Tier II support for security-related incidents and issues.
• Advises of all security concerns and provides options and solutions to resolve these concerns.
• Reviews proposed security infrastructure changes of all other team members as well as other groups and departments to maintain a high level of security integrity.
• Contributes to the development of a constantly maturing information security program.
• Investigates and resolves any security-related incidents, complaints or questions.
• Plans and implements processes, policies and technologies to protect from current and future attacks.
• Analyzes and updates firewall rules and access control lists.
• Shares knowledge with others on the team and fosters a collaborative work environment.
• Performs security and vulnerability assessments with remediation plans.
• Takes immediate action on security incidents.
• Researches and implements new technologies to improve and grow the security infrastructure (e.g. applications, systems, outsources services).
• Obtains information and stays up to date on the latest exploits and security trends.
• Works with business partners in helping to secure new and existing applications.
• Helps ensure the security systems and platforms are compliant with regulatory audits such as SOX and PCI.
Education and experience
• Bachelor’s degree in Computer Science or related field or equivalent combination of industry related professional experience and education.
• 4+ years of experience working within a complex information security team.
• Experience with common security frameworks (ex: NIST and SANS).
• Hands-on experience managing a wide range of security technologies such as patching, MFA, SSO, VPN, PAM/IAM, Next-Gen Firewalls, SIEM, Anti-Malware, Vulnerability Scanning, etc.
Knowledge and skills
• Industry certifications (CISA, CEH, CISSP, CISM, CIA, etc).
• Network / System Administration experience/background.
• Scripting (Powershell, Python, etc).
• Retail or multi-location experience preferred.