Full Time, Employee
- Architects, designs, implements, maintains and operates information system security controls and countermeasures.
- Analyzes and recommends security controls and procedures in acquisition, development, and change management lifecycle of information systems, and monitors for compliance.
- Analyzes and recommends security controls and procedures in business processes related to use of information systems and assets and monitors for compliance.
- Monitors information systems for security incidents and vulnerabilities; develops monitoring and visibility capabilities; reports on incidents, vulnerabilities, and trends.
- Responds to information system security incidents, including investigation of, countermeasures to, and recovery from computer-based attacks, unauthorized access, and policy breaches; interacts and coordinates with third-party incident responders, including law enforcement.
- Administers authentication and access controls, including provisioning, changes, and deprovisioning of user and system accounts, security/access roles, and access permissions to information assets.
- Analyzes trends, news and changes in threat and compliance environment with respect to organizational risk; advises organization management and develops and executes plans for compliance and mitigation of risk; performs risk and compliance self-assessments, and engages and coordinates third-party risk and compliance assessments.
- Analyzes and develops information security governance, including organizational policies, procedures, standards, baselines and guidelines with respect to information security and use and operation of information systems.
- Develops and administers, or provides advice, evaluation, and oversight for, information security training and awareness programs.
- Network Security: Knowledge of firewalls, intrusion detection systems, anti-virus software, and data encryption.
- Operating Systems: Proficiency in Windows, Linux, and other operating systems, understanding their vulnerabilities and security settings.
- Cloud Security: Understanding the security aspects of cloud platforms, preferably Azure and AWS.
- Endpoint Security: Knowledge about securing end-user devices like computers and mobile devices.
- Security Information and Event Management (SIEM): Familiarity with tools such as Sentinel and Splunk, used to monitor, detect, and respond to security events.
- Web Application Security: Understanding threats related to web applications, such as cross-site scripting (XSS) and SQL injection.
- Incident Response: Ability to handle security incidents, determine the cause, and take corrective action.
- The systems security engineer is responsible for analyzing, planning, implementing, maintaining, troubleshooting and enhancing large, complex systems or networks consisting of a combination that may include virtual machines, servers, personal computers, mobile devices, LANs, WANs, cloud blob storage, and the physical and logical components that integrate these systems together as an enterprise networking backbone.