The Information Security Engineer Senior is responsible for designing, implementing and maintaining Logix technical cybersecurity controls, in alignment with business, policy and compliance requirements.
- Establishes foundational security capabilities as mature service offerings that allow for a seamless user experience. Initiates, coordinates and monitors progress on approved information security initiatives.
- Establishes and applies risk management principles for consistent tracking and measurement in compliance with industry standards.
- Supports governance, risk and compliance programs and leads maturity efforts including external regulator, auditor, and senior leadership information and materials.
- Assesses and analyzes employee risk due to accidental, incidental, and awareness security issues. Conducts scheduled penetration testing, simulating attacks on systems to find exploitable weaknesses.
- Engineers security solutions efficiently with a minimal technology footprint where possible while ensuring security. Researches, analyzes, and recommends security products, services and tools as needed.
- Audits identity and access methods to ensure a zero-trust framework for both production and development business application systems.
- Works with IT, business teams and vendors on security program initiatives and resolves security-related issues through leadership of projects and technical implementations.
- Leads incident response, including steps to minimize impact. Conducts technical and forensic investigations into the source of exploits and the extent of impact.
- Performs forensic collection of evidence including retrieval, handling and chain-of-custody, processing and reporting with discretion and integrity.
- Performs scripting and customization of required reports and dashboards for technical and executive audiences in both IT and business units. Demonstrates a mastery of system and peripheral logs and packet telemetry.
- Provides consistent security guidance that enables new products and solutions to be built securely while validating and/or measuring the efficiency of our security posture, to include technology reviews, vulnerability assessments, and technical business risk assessments.
Education
Min/Preferred:
- Minimum: 4 Year / Bachelor's Degree
- Preferred: Graduate Degree
Description:
- Bachelor’s degree in a related field or equivalent experience is required.
- Master's degree in computer science, information systems, or any other related discipline
- One of the following technical certifications: MCP, CCNA, CCNP or equivalent
- One of the following security certifications: CEH, Security+, SSCP, SANS GIAC, or equivalent
Experience
Minimum Years of Experience: 7
Preferred Years of Experience: 12
Comments: Must have at least 7 years of information security experience, preferably in the financial services industry.
Knowledge, Skills & Ability
- Expertise with endpoint security technologies (Intune, CrowdStrike EDR, Tanium UEM), and CIS operating system hardening.
- Expertise with Active Directory, Okta SSO/MFA, CyberArk PAM, SailPoint IdentityNow and other relevant IAM technologies.
- Subject matter expertise of network security technologies, their implementation, operations and limitations, including: firewalls (Palo Alto, Panorama), VPNs, network IDS/IPS solutions, network monitoring solutions (NDRs), Network Access Control solutions (Forescout), IPSec and TLS based VPNs, and email security.
- Strong understanding of networking protocols and the OSI model.
- Strong knowledge of business, network systems, hardware concepts, and applications including DNS, LDAP, virtualization, database design/hardening, e-mail/secure messaging, Data Loss Prevention, and endpoint protection.