Reports To: GIS Director, Engineering & Architecture
He/she will have a strong background within information security and security engineering, with hands-on experience of a diverse range of security technologies that include, but not are not limited to: firewalls, application firewalls, IPS/IDS, Wireless, Network Access Control(NAC), SSL and IPSEC VPN's, DLP, SIEM, PKI/Strong Authentication, database technologies, load balancing, encryption technologies, mobility security, end user computing security, cloud security, network security, and OS vulnerability scanning tools and identity and access management tools.
The GIS Sr. Security Engineer - will provide direct support to the GIS Director, A&E and follow up on necessary action items for the GIS A&E team, and provide subject matter expertise from a security engineering perspective as needed with focus on identity and access management when consulting on enterprise roadmap projects and strategy.
As a hands-on technical specialist, the GIS Sr. Security Engineer - Identity will be expected to handle complex and detailed technical work necessary to establish and maintain a secure identity and access management program. Responsibilities include, but are not limited to:
Demonstrate understanding of the following concepts and technologies:
- Assist in designing and supporting the overall security architecture of the enterprise systems environment
- Assist in designing and supporting the enterprise identity and access management program
- Determine security requirements by evaluating business strategies and requirements; researching information security standards; conducting system security and vulnerability analyses and risk assessments; studying architecture/platform; identifying integration issues; preparing cost estimates.
- Provide defensive security services, specializing in the development and continuous tuning of components of the company's defensive and detection infrastructure
- Interface with the GIS Operations team regularly to assist in operationalizing and integrating ongoing incident response and cyber intelligence outputs into necessary infrastructure/tools
- Plan security systems by evaluating network and security technologies; developing requirements for local area networks (LANs), wide area networks (WANs), virtual private networks (VPNs), routers, firewalls, and related security and network devices; adhering to industry standards.
- Prepare system security reports by collecting, analyzing, and summarizing data and trends.
- Assist in design, implementation and maintaining enterprise security event monitoring program and process
- Update job knowledge by tracking and understanding emerging security practices and standards; participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organizations
- Expectation of off-hours support, responsiveness and availability in response to security related incidents, material developments which could create risk to the Company, known threats etc.
- Defense in depth security models and security management practices, Cloud Security Concepts, Mobile Architecture, Network and Application Security and Data protection.
- Identity and access management for both on premise systems and integrate with cloud environments.
- Privileged access management and auditing
- Threat intelligence
- Application Security Vulnerabilities such as OWASP Top 10 and remediation approaches
- Experience with enterprise technologies, authentication and authorization schemes (e.g. Active directory, LDAP)
- Network and web related protocols (e.g. TCP/IP, UDP, IPSEC, HTTP, HTTPS, SMTP, SNMP, ICAP)
- Demonstrated experience teaming with business and IT stakeholders at all levels, to deliver and sustain high caliber projects and operations.
- Bachelor's degree in Computer Science, Information Systems, other related field; or equivalent work experience
- Minimum of three years of information security experience in a corporate or consulting environment
- Demonstrated exceptional passion and drive for cyber security as evidenced by self-driven past accomplishments that had significant positive impact to shareholders preferred
- Any one or more of the following preferred
- Certified Information Systems Security Professional (CISSP) from ISC2
- (any) Global Information Assurance Certification (GIAC) from SANS
- Offensive Security (OSCP, OSCE) certification, knowledge and/or penetration testing experience a plus
- Knowledge of common information security management frameworks and practices such as ISO/IEC 17799:2005 and ISO/IEC 270xx, National Institute of Standards and Technology (NIST), and the United States Computer Emergency Readiness Team (US-CERT)
- Effective technical skills to understand the ramifications of various system security recommendations and decisions
- Excellent oral/written communication, problem solving and analytical skills
- Ability to work independently and as part of a team to achieve desired objectives and project results
- Ability to interface effectively and decisively with all levels of management, departments and outside vendors.
A little about us:
We are lucky to work in a business where imagination, creativity, and play aren't only encouraged, they're required.