Sr. Security Engineer

Atlanta, GA - 30354

Contract role

Qualifications:

• 5 or more years of experience with information technology security programs, audits, controls and/or third-party risk management
• Ability to identify and assess IT security controls against company policies and standards and Federal/State Regulatory requirements and identify and communicate gaps
• Exceptional written and verbal communication skills
• Advanced computer skills including Microsoft Office suite and other business-related software programs
• Ability to effectively manage time and productivity with competing priorities in a rapidly changing, fast-paced, interactive, results-based team environment
• Proven analytical / problem solving skills and ability to work with cross-functional teams
• High School diploma, GED or High School Equivalency.
• Embraces diverse people, thinking and styles.
• Consistently makes safety and security, of self and others, the priority.

What will give you a competitive edge (preferred qualifications):

• Bachelor’s Degree or 5 plus years of relevant experience in Computer Science, Mathematics, Engineering, Information Systems, Management Information Systems or Information Security
• Key industry certifications such as CISA, CISM, CISSP, CRISC, etc.
• Knowledge of industry standard frameworks such as NIST Cybersecurity Framework, ISO 27001, NIST 800-30, etc.
• Familiarity with third party information security attestations/certifications such as SOC I/II reports, ISO, PCI-DSS, SOX.
• Comprehensive knowledge of third-party risk concepts, methodologies, governance structures and experience in managing risk and performing vendor risk assessments
• Experience across Information Security domains such as governance & compliance, incident response, identity & access management, penetration testing, or e-discovery & forensics
• Experience across IT domains such as application development, infrastructure, technical support and operations, cloud technologies and/or continuity of business
• Experience with RSA Archer.

Responsibilities:

• Responsible for the design, testing, evaluation, implementation, support, management, and deployment of security systems/devices used to safeguard the organizations information assets.
• Also responsible for analyzing the information security environment and assisting with the development of security measures to safeguard information against accidental or unauthorized modification, destruction, or disclosure.
• Works with the technical team to recover data after a security breach.
• Configures and installs firewalls and intrusion detection systems.
• Develops automation scripts to handle and track incidents.
• Investigates intrusion incidents, conducts forensic investigations and mounts incident responses.
• Delivers technical reports and formal papers on test findings.
• Installs firewalls, data encryption, and other security measures.
• Maintains access by providing information, resources, and technical support.
• Ensures authorized access by investigating improper access; revoking access; reporting violations; monitoring information requests by new programming; recommending improvements.
• Updates job knowledge by participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organizations.
• Accomplishes information systems and organization mission by completing related results as needed.
• Builds, deploys, and tracks security measurements for computer systems and networks.
• Mitigates security vulnerabilities by implementing applicable solutions and tools.
• Performs vulnerability testing, risk analyses, and security assessments.
• Collaborates with colleagues on authentication, authorization, and encryption solutions.
• Tests security solutions using industry standard analysis criteria.
• Responds to information security issues during each stage of a projects lifecycle.
• Performs risk assessments and testing of data processing systems.
• Establishes system controls by developing framework for controls and levels of access; recommending improvements
• Establishes computer and terminal physical security by developing standards, policies, and procedures; coordinates with facilities security; recommends improvements.
• Safeguards computer files by performing regular backups; developing procedures for source code management and disaster preparedness; recommends improvements.
• Determines the sensitivity of the data in order to recommend the appropriate security needs.
• Develops proposals for, and consider cost effective equipment options to satisfy security needs.
• Communicates with the technical team, management team and users companywide if data security is breached.
• Designs infrastructure to alert the technical team of detected vulnerabilities.
• Evaluates new technologies and processes that enhance security capabilities.
• Supervises changes in software, hardware, facilities, telecommunications and user needs.
• Defines, implements, and maintains corporate security policies. -Analyzes and advises on new security technologies and program conformance.
• Creates, tests, and implements network disaster recovery plans. -Recommends security enhancements and purchases.
• Trains staff on network and information security procedures.
• Develops security awareness by providing orientation, educational programs, and on-going communication.
• Recommends modifications in legal, technical and regulatory areas that affect IT security.

Thanks,

Nandit