Job Description
Job Description
Security and Compliance Engineer – NIST 800 RMF EXP REQUIRED (REMOTE)
Introduction
Technical Support International (TSI), based in Foxboro, MA, is a provider of outsourced IT and cyber security services for small and medium-sized businesses in New England. TSI has a current offering of remote support, field support, managed and security services (MSP/MSSP) as well as project management for our clients.
TSI works with clients to help identify and manage their cyber security risks that may stem from external/internal cyber threats, identity and access management challenges, online fraud, compliance pressure, or any number of other business and technology issues.
Position Summary
The Security and Compliance Engineer will be a key member within the TSI security division and possess a comprehensive skill set in network security operations, cyber security tools, intrusion detection, and secured networks. This role will work closely with the Security and Compliance Manager to improve clients' security posture.
This position will write security assessments as well as develop policies to address problems and security emergencies and make recommendations to clients. This position requires analyzing the environment, coordinating data gathering, and generating solutions on a day-to-day basis, and assisting with projects and investigations related to threat management and security breaches for clients.
Primary Responsibilities
- Consult and participate in day-to-day security operational activities with clients;
- Confirm and document client vulnerability and security risks and develop mitigation plans;
- Monitor and validate client security controls;
- Respond to security alerts, incidents, and issues;
- Ensure security controls meet multiple compliance needs and best practices;
- Conduct, write, and present client Security and Risk Assessments using recognized frameworks (NIST SP 800-171 and PCI DSS v3.2 or other security compliance frameworks);
- Create accurate network diagrams and documentation for planning security-based changes, investigating network impact, and issuing resolution procedures;
- Coordinates and tracks security awareness training to the organizational workforce on information security standards, policies, and best practices;
- Consistently review relevant Cyber Security Compliances to educate clients and TSI on revisions and changes in requirements;
- Assist in investigating security breaches by leading the incident response to minimize impact, determine the cause of the breach, and ascertain the extent of the damage;
- Travel as needed for on-site assessments and meetings at client locations. Travel is limited and infrequent.
- Other duties as necessary and required.
Knowledge & Skills
- Experience with network/cyber security engineering: design, implementation, optimization, monitoring, and troubleshooting of LAN, WAN, WLAN, and DR networks;
- Demonstrated best practice usage of security technologies and policy administration: Firewalls, IDS/IPS, DLP, Proxy, Endpoint, Vulnerability scanning and management, SIEM / logging, security groups, and network segmentation, system hardening, incident response, and malware/virus prevention;
- Experience with network security technologies including Rapid Fire, SolarWinds, Sophos, BlueCoat, SonicWALL, Cisco, CrowdStrike, and Splunk;
- Documenting security controls, monitoring, and alerting around these controls;
- Clear understanding of virtualization technologies such as VMWare and Hyper-V;
- Knowledge of multi-tier application architecture on infrastructure and cloud environments;
- Demonstrated skill securing sensitive data in production environments;
- Self-starter with a strong work ethic willing to identify issues and lead them to conclusion;
- Ability to see the big picture and present ideas clearly with demonstrated thought leadership to clients;
- Capable of meeting with clients to discuss cyber security solutions and recommendations.
Technical Qualifications
- Bachelor's degree preferable in Information Technology or other engineering or technical discipline; PLUS
- 6-8 years IT experience and minimum 4 years Cyber Security Information experience;
- One or more Industry security certifications REQUIRED, Certified Information Systems Security Professional (CISSP), CISA Certified Information Systems Auditor (CISA), CISM Certified Information Security Manager (CISM), ISSAP Information Systems Security Architecture Professional (ISSAP), ISSEP Information Systems Security Engineering Professional (ISSEP); (OR equivalent)
- Experience with modern operating systems including Windows 10/11 and Server 2016/2019, macOS, and Linux;
- In-depth understanding of NIST SP 800-171, CIS Controls, and/or other security compliance frameworks;
- Experience in developing organization security policies and implementation of revised policies;
- Experience with endpoint security solutions, including file integrity monitoring and data loss prevention.
Personal Attributes
- Excellent analytical and problem-solving skills;
- Ability to work independently on multiple projects;
- Collaborates and assumes a technical leadership role when required;
- Ability to mentor coworkers on network security best practices;
- Ability to explain network concepts to both fellow technical staff and clients;
- Is effective in prioritizing tasks within a high-pressure competing environment;
- Highly self-motivated and directed, with keen attention to detail;
- Demonstrates excellent oral and written communication skills, fluency in English language;
- Demonstrates an interest in working hard in a fast-paced environment;
- Excels in customer-facing environments and enjoys challenges;
- Strong organizational skills;
Minimum Technical Requirements
- Knowledge of current networking technologies;
- Strong knowledge of configuring and troubleshooting modern operating systems;
- Knowledge of Microsoft Office/ Office 365;
- Knowledge of TCP/IP, DNS, DHCP, and Active Directory;
- Knowledge of LAN/WAN technologies;
- Understanding of firewalls, routers, and VPN/remote access solutions;
- Demonstrated experience with IT Security and Compliance;
- Knowledge of installing and configuring Windows Servers 2008-2012 a PLUS;
- MAC and LINUX experience a PLUS.
Competitive Pay And Benefits:
Health and Dental
Life Insurance
Paid Time Off
Holiday Pay
Discretionary Bonus
Retirement Savings with Employer Matching Contribution
Company Description
Technical Support International, Inc. (TSI) is a leading Managed Service Provider and Managed Security Service Provider in the Northeast. The core of TSI is comprised of expert IT/Cybersecurity professionals offering superior quality of service for over 30 years.
Company Description
Technical Support International, Inc. (TSI) is a leading Managed Service Provider and Managed Security Service Provider in the Northeast. The core of TSI is comprised of expert IT/Cybersecurity professionals offering superior quality of service for over 30 years.