IT Security Engineer
NYC 10019
Schedule: Hybrid (typically 3 days onsite, 2 days remote)
Summary
The IT Security Engineer plays a crucial role in maintaining and enhancing the organization's security posture. This position involves conducting security assessments and reviews for corporate desktops, servers, applications, and network infrastructure. The role requires strict adherence to security policies and ensures compliance with external audit requirements.
Key Responsibilities
- Vulnerability Management: Conduct and manage vulnerability scans, remediation, and follow-ups across all systems.
- Penetration Testing: Organize and oversee penetration tests, including remediation tracking.
- Purple Team Exercises: Lead purple team exercises, ensuring effective remediation and follow-up.
- Firewall Management: Conduct annual firewall rule reviews and manage rule change requests.
- Cybersecurity Expertise: Provide cybersecurity guidance for IT and security-related projects.
- Audit Response: Address internal audit findings through control development and documentation.
- Network Architecture Review: Evaluate network design for security compliance.
- Regulatory Compliance: Ensure company-wide adherence to IT security standards (FFIEC, NIST) from Head Office.
- Cybersecurity Controls: Perform ongoing security control measures.
- Risk Monitoring: Report Key Risk Indicators (KRIs) and Key Control Indicators (KCIs) to support continuous monitoring.
- Policy Maintenance: Update local security policies, procedures, and standards as needed.
- Asset Discovery: Conduct scheduled host discoveries to ensure all desktops and servers meet standards.
- Security Tools Management: Ensure tools like AV, DLP, and patch agents are active and monitored.
- Automation Optimization: Automate IS security controls and processes through scripting and tools.
- Patch Assessment: Perform security patch assessments to validate server and desktop compliance.
- Industry Awareness: Stay updated on IT security and cybersecurity trends.
- Threat Mitigation: Develop and maintain controls to address cybersecurity threats, including malware and persistent attacks.
- Backup Role: Serve as backup for IT Security Engineering Manager.
- Awareness Campaigns: Support and promote IT security awareness initiatives.
