Sr. Security Engineer
New York, NY (Remote start due to COVID)
As the Senior Security Engineer, you will report to the Director of Information Security and Compliance and will also work closely with the Director of Technology Operations to proactively identify and resolve security risk, issues and security incidents. You will assess information risk and facilitates remediation of identified vulnerabilities with network, systems and applications, create reports on findings and recommendations for corrective action, and perform vulnerability assessments as assigned utilizing IT security tools and methodologies. You will also perform assessments of the IT security/risk posture within the IT network, systems and software applications, in addition to assessments within the Vendor Management. You will maintain oversight of IT vendors regarding the security maintenance of their systems and applications.
· 5+ years of experience in security roles with increasing responsibility
· 3+ years of experience in a Security Operations Center, or Continuous Monitoring role
· Experience with QRadar and Qualys, or other Continuous Monitoring and vulnerability scanning
· Preferred Certifications: ISC2, SANS, ISACA, or other recognized security professional credentialing organization.
· Hands On infrastructure security skills including IDS/IPS, firewall, SIEM, server and OS hardening, malware detection, physical security, transport and at-rest encryption on file systems, DB, and other data persistence mechanisms.
· Experience implementing SOX, PCI, ISO, NIST 800-53, NIST CSF, CIS / SAN Critical Controls are a plus
· The ability to effectively communicate security and risk-related concepts to technical and nontechnical audiences
· Ability to operate with minimal supervision; a self-starter that can identify and fix problems without being told to fix an issue
· A bachelor's degree in information systems, engineering or equivalent work experience
· Assure alignment with CIS benchmarks controls are applied and configurations are maintained throughout the enterprise as part of the continuous monitoring
· Lead and assist in security risk assessments for systems and applications Address questions from internal and external audits and examinations.
· Develop policies, procedures and standards that meet existing and newly developed policy and regulatory requirements including SOX, PCI, COPPA, FERPA, GDPR, CCPA.
· Perform vulnerability assessments as assigned utilizing IT security tools and methodologies.
· Perform assessments of the IT security/risk posture within the IT network, systems and software applications.
· Administer authentication and access controls, including provisioning, changes, and deprovisioning of user and system accounts, security/access roles, and access permissions to information assets.
· Analyzes and develops information security governance, including organizational policies, procedures, standards, baselines and guidelines with respect to information security and use and operation of information systems.
· Investigate security breaches and lead incident response, including steps to minimize the impact and then conducting a technical and forensic investigation into how the breach happened and the extent of the damage
Brooksource provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, national origin, age, sex, citizenship, disability, genetic information, gender, sexual orientation, gender identity, marital status, amnesty or status as a covered veteran in accordance with applicable federal, state, and local laws.