5+ years of experience with managing security controls, to include defining policies and administering devices such as Cisco and Paloaltonet works firewalls, IDS/IPS platforms, DLP devices, e-mail/web filtering solutions
6 + years of technical experience working with security solutions and conducting security operations
6+ years of network security experience and reviewing security tools and solutions and making recommendations on utilization and strategy
6 + years of experience with network protocols, data flows and attacks within an IP environment
5+ years of experience in building configurations for security devices and building an automated process to support large-scale deployment
Extensive knowledge and experience with security software, firewalls, intrusion detection systems and other security systems and network monitoring.
Extensive hands-on technical knowledge of network systems, protocols, and standards such as Ethernet, LAN, WAN and TCP/IP.
Experience as a security specialist in a regulated IT environment including some combination of SOX, HIPAA, GLBA, PCI and responsible for compliance and performing/coordinating audits (1+ years)
3+ years of experience with commercial and open source security applications and technologies (e.g. malware prevention, DLP, IDS/IDP, cryptography, vulnerability scanning and penetration testing), as well as related protocols and tools (e.g. SSH, SSL/TLS, snort, port scanners, rootkit detectors, etc.)
2+ years of experience performing network and application security administration, penetration testing and/or threat assessments ISSP, GIAC certification(s)
2+ years programming/scripting experience – one or more of: C, C++, Java, Perl, PHP, Python, shell
Provide direction to the team for information security policies, standards, and procedures, that adhere to industry best practices.
Responsible for ensuring that the corporate IT environment is secure and complies with all internal and external audit requirements.
Provide direction to the team for Implementing security hardening standards for IT Infrastructure.
Responsible for ensuring corporate Identity Management systems meet industry standards.
Identify potential security risks in Identity Management systems, provide direction to the team foe defining and documenting remediation options or mitigating controls.
Responsible for ensuring corporate Identity Management Systems escalation procedures and response times are established and adhering to.
Define direction for Identity Management Systems ensure alignment with established policies and controls.
Maintain certifications and keep up-to-date with current information technology.
Perform related duties as requested.
Conduct security operations necessary to maintain the confidentiality, availability, and integrity of enterprise data and information systems.
Provide excellent customer service for internal and external customers in support of security initiatives, incident response, and support
Maintenance of security tools and technologies throughout the enterprise environment
Evaluate, design, and implement security related solutions, adhering to established change control processes
Provide technical security planning, implementation, configuration, support and troubleshooting services on all security technologies.
Provide accurate, clear, and concise documentation of system requirements, specifications, and final builds.
Perform all necessary functions associated with the implementation and integration of security tools and platforms into the enterprise environment.
Coordinate with systems and network engineers to ensure servers and network devices conform to security standards, and that security devices and controls are working as designed Assist with the development, implementation, and administration of information security policies, standards, and procedures, adhering to industry best practices
Assist in defining the security strategy and integrating regulatory compliance requirements (e.g., PCI, GLBA) into the organizational security roadmap
Assist in ensuring that the corporate IT environment is secure and complies with all internal and external audit requirements
Implement and maintain cryptographic controls (e.g. data at rest, data in transit) in line with security requirements
Identify potential security risks, and define and document remediation options or mitigating controls
Define and assist in the management of an Incident Response Team that addresses potential or in-progress security events, establishing and adhering to escalation procedures and response times
Review and approve submitted application and systems change requests for security compliance
Provide subject matter expertise, counsel, and input for enterprise-wide information security initiatives, strategies, projects, and policies
Maintain certifications and keep up-to-date with current information technology
Participate in 24x7 on-call rotation