SANS ISC: InfoSec Jobs

Systems Security Engineer

Company: Lifespan
Location: Providence, RI
Preferred GIAC Certifications: GSEC
Travel: 0%
Salary: Not provided
URL: https://jobs.lifespan.org/search/jobdetails/systems-security-engineer/89490bf5-15f1-46ad-a1bc-fd42feae8c52
Contact Name: Scott Lussier
Contact Email: scottlussier/at/gmail.com
Expires: 2021-04-21

Job Description

Summary:

The Systems Security Engineer is a critical member of the Chief Information Security Officer's (CISO's) team. This is a hands-on role that requires a high level of technical and analytical expertise. The engineer is responsible for a broad range of tasks, including the day-to-day administration of information security tools such as Mobile Device Management ("MDM") and Network Access Control ("NAC"), the creation of security documentation, and the research and implementation of new security suites.

Responsibilities:

Researches and assists in the piloting and evaluation of new tools, technologies, technical controls, and processes to support and enforce defined security policies.

Evaluates the security posture of mobile platforms, IoT, and other devices to determine whether devices should be allowed and apps should be whitelisted from an information security perspective.

Compares security coverage from a platform perspective (Android, iOS, OSX) and determines any gaps or inconsistencies.

Reviews current security standards, policies, and configuration around the mobile environment.

Develops reporting and remediation strategies for vulnerabilities/misconfigurations identified in the enterprise Mobile or Device space.

Participates in a variety of information security functions – Solution Design, Incident Response and Vulnerability Management.

Works with various infrastructure teams and business units to ensure policy compliance and adherence to security best practices.

Monitors system logs, SIEM tools and network traffic for unusual or suspicious activity. Interprets such activity and makes recommendations for resolution.

Assists in the development and documentation of security architecture, policies, standards, and procedures.

Collates security incident and event data to produce monthly management and exception reports.

Works with outsourced vendors that provide information security functions for compliance with contracted service-level agreements.

Participates in the operation of incident management, including detection, response and reporting.

Contributes to a knowledgebase comprising a technical reference library, security advisories and alerts, information on security trends and practices, and laws and regulations.

Participates in security projects and provides expert guidance on security matters for other IT projects.

Ensures audit trails, system logs and other monitoring data sources are reviewed periodically and in compliance with policies and audit requirements.

Assists Lifespan staff in the resolution of reported security incidents.

Participates in security investigations and compliance reviews, as requested by internal or external auditors.

Researches and assesses new threats and security alerts, and recommends remedial actions.

Performs other duties as assigned.

Other information:
EXPERIENCE:

A minimum of ten years of IS experience, with five years in an information security role.

A bachelor's degree in information systems or equivalent work experience; an M.B.A. or M.S. in information security is preferred.

Certifications Required (3 or more - CISSP, CCSP, OSCP, OSWP, CISA, CRISC, GIAC, CEH, Security+, CCNA Security, CCNP Security, JNCP, PCNSE)

Expert level in security best practices and regulatory requirements.

Demonstrated information security experience around Mobile platforms (iOS, Android, OSX)

Mobile Device Management experience (Microsoft Intune is the current tool; other branded MDM solutions would be accepted)

Network Access Control Experience (Forescout, Cisco, etc.)

Intermediate level with Wireshark and/or equivalent packet capture and analysis

Strong understanding of networking technologies from architecture best practices to packet analysis

Experience with patch management, device hardening, configuration auditing and other endpoint security best practices.

Intermediate level cryptography and cryptanalysis.

Expert in Public Key Infrastructure

Experienced in the use of virtualization technologies

Knowledge of and experience in developing and documenting security architecture and plans, including strategic, tactical and project plans.

Excellent technical knowledge of mainstream operating systems [for example, Microsoft Windows and Linux] and a wide range of security technologies, such as network security appliances, identity and access management (IAM) systems, anti-malware solutions, automated policy compliance tools, and desktop security tools.

Knowledge of network infrastructure, including routers, switches, firewalls, and the associated network protocols and concepts.

Strong written and verbal communication skills.

Ability to communicate security guidance to a non-technical audience.