Information Security Engineer - Threat Management

US-IA-Des Moines
Job ID: 212680
Category: Information Technology
Requires Non-Compete? No

Job Summary

In this role, you will design, define, and implement procedures that are necessary to ensure the safety of information systems assets, protecting them from intentional or inadvertent access or destruction. You will create and engineer systems or procedures to solve complex problems, controls/applications, while balancing business needs against potential risks, threats and vulnerabilities. In addition, you will provide technical consultation and insight in Threat and Vulnerability Management, working across multiple disciplines such as networks, servers, desktops, applications and databases.

 

Core Competencies:

  • Accountability: Owning and taking responsibility for one’s actions.
  • Business Acumen: Understanding industry, market, financial and company specific operations.
  • Collaboration and Communication: Working together; listening to others’ ideas; communicating accurately and concisely.
  • Decision Making: Considering all facts and impacts when making decisions.
  • Focus on the Customer: Consistently doing what is in the best interest of our customer. Leaving a positive impression on the customer by elevating their experience; making it simpler and educating them to help them understand.

Minimum Qualifications Required (all must be met to be considered)

  • Bachelor's Degree or direct and applicable work experience
  • Certified Information Systems Security Professional (CISSP), (ISC)², at the time of hire or obtained within 12 months of hire date.
  • Minimum of 4+ years’ experience in general Information Technology to include a combination of the following:
    • Network engineering, servers, application development, cloud services/infrastructure
    • With a minimum of 4+ years within IT security - identifying and managing risk, code analysis, application security, scripting, and pen-testing
  • Proven ability to be analytical and think critically to obtain relevant information/identify essential elements, and examine issues or inconsistencies; further, identify causes and key factors; relate and compare data from different sources, and identify alternative solutions.
  • Demonstrated ability to communicate clearly, concisely, and transparently when in a stressful situation.
  • Provide advice and counsel to stakeholders within the organization. Understand stakeholder programs, issues, organization, and culture.
  • Adept at viewing situations from the stakeholder’s perspective to better address their needs and expectations.
  • Demonstrated ability to break down extremely complex problems and identify all of their facets, including hidden or tricky aspects, to find root-cause of problems. Generate a range of solutions and courses of action with benefits, costs, and risks associated with each. Probe appropriate sources for answers, and think ‘outside the box’ to find options. Test proposed solutions against the reality of likely effects before presenting recommendations in difficult situations.
  • Proven ability to follow procedures for identifying, reporting and preventing fraud.
  • Ability to generate innovative solutions in work situations; tries different and novel ways to deal with work problems and opportunities.
  • Demonstrated use of techniques in data manipulation and management for reporting complex topics to both internal and external audiences.
  • Intermittent travel required, up to 5%

Hiring Specifications Preferred

  • Bachelor’s Degree
  • Security/forensic-specific certifications: SANS Global Information Assurance Certification (GIAC)
  • Microsoft Certified Professional (MCP), Microsoft
  • 4+ years’ experience with Linux, Windows (server and desktop)
  • Ability to lead work teams without direct authority, including coaching and mentoring, and directing and facilitating work activities, to produce results.

Job Accountabilities

a. Design, analyze, and manage multiple security and/or access control models in a planned, conscious manner following a defined security lifecycle. Measure and report on the effectiveness of security controls to Corporate Information Security (CIS) leadership, as well as to team members, IT leadership and IT staff. Controls include:

b. Vulnerability Scanning Systems: Ensure that daily scanning of network, system, application and database assets across the enterprise is occurring. Verify that the report results are accurate and report them to IT leaders and technical staff. Lead the work with various IT teams to remediate vulnerabilities.

c. Firewall Rule Analysis System: Review firewall rules to ensure new rules do not cause undue risk. Report findings to Security Architects. Assist project managers, technical staff and business members through the Firewall Request processes. Ensure antivirus is installed across systems in the enterprise.

d. Define relevant metrics that can be used to report on the efficacy of SecOps controls.

e. Act as a liaison with the other SecOps functions to ensure IOC and information sharing activities are regularly occurring.

f. Mentor and provide guidance for the other SecOps analysts, coordinating with CIS leadership.

g. Security Configuration Hardening Processes: Lead the work with IT technical teams to ensure defined security configurations are applied across the enterprise. Review and update security configurations as appropriate.

h. Interpret information security policies, standards, and other requirements as they relate to a specific internal information system, and assist with the implementation of these and other information security control requirements.

i. Provide guidance and coaching to other Security Operations professionals.

j. Serve as a representative of the security control structure; ensure key methodologies and concepts are applied and documentation is in place to satisfy corporate, department, and internal and external auditor review. Solve complex security issues such as bypassed controls, disrupting security measures and technology changes, providing a continual balance of applied security safeguards and business usability. Offer high-tier technical information security consulting services to distributed personnel who are responsible for one or more information security systems; these people include Network Administrators, Systems Administrators, Database Administrators and Application Developers.

k. Evaluate information system bug reports, security exploit reports, laws and regulations, and other information security notices issued by information system vendors, government agencies, universities, professional associations, and other organizations, and, as needed, make recommendations to internal management and technical staff to take precautionary steps.

l. Serve as an active member of the Security Incident Response Team (SIRT) and participate in security incident response efforts by, among other things, having an in-depth knowledge of common security exploits, vulnerabilities and countermeasures. Respond to security incidents, advise on risk remediation plans, and provide security reports to the Corporate Information Security management team. Act as a technical consultant on information security incident investigations and forensic technical analysis.

m. Maintain up-to-date, detailed knowledge of the IT security industry, including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors. Research and recommend new emerging technologies, techniques and tools that will add value to the organization.

n. Other duties as assigned.
