
Job Alert: IT Security Engineer

June 25, 2016 | June 27th, 2016

IT Security Engineer

Stone Arch Services has a client in need of a full-time IT Security Engineer for a nonprofit company that sponsors programs to help students and families plan and pay for college.  The company works with schools and loan servicers to lower student loan default rates, promote financial literacy and provide resources to support student loan borrowers to successfully repay their loans.

For postsecondary institutions, this company offers a suite of services that includes financial literacy, student loan repayment counseling and default prevention. This line of business is a natural adjacency to their role as a guaranty agency as it expands the reach to help student loan borrowers successfully meet their student loan obligations.

This is a really great company with a great mission.  The benefits are also very strong.  The corporate office is currently in Oakdale, but will be moving to Washington Ave in Minneapolis in September 2016.

Description

Position Summary: Ensures the secure operation of the in-house computer systems, servers, and network connections. This includes occasional analysis of server and firewall logs and network traffic, establishing and updating virus scans, and troubleshooting. Analyzes and resolves security breaches and vulnerability issues in a timely and accurate fashion. Conducts user activity audits to regulate access to computer data files and prevent unauthorized modification, destruction, or disclosure of information.

ESSENTIAL DUTIES AND RESPONSIBILITIES:

  • Participates in the planning and design of enterprise security architecture
  • Participates in the creation of enterprise security documents (policies, standards, baselines, guidelines and procedures)
  • Provides Information Security subject matter expertise regarding the planning and design of an enterprise Business Continuity Plan and Disaster Recovery Plan
  • Maintains up-to-date detailed knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors
  • Evaluates and recommends additional security solutions or enhancements to existing security tools to improve overall enterprise security
  • Participates in the planning, deployment, integration and initial configuration of all new security solutions and of any enhancements to existing security solutions
  • Maintains up-to-date baselines for the secure configuration and operations of all in-place devices (i.e., security tools, workstations, servers, network devices, etc.) through anti-virus, spam, and malware administration and management, including security applications and hardware
  • Participates in the design and execution of vulnerability assessments, penetration tests and security audits
  • Reviews security alerts and vulnerabilities, and communicates accordingly with appropriate department leaders and data owners and managers; reviews agency information systems and provides written reports of potential security risks and recommended solutions
  • Oversees management reporting regarding the IT department's overall network security program
  • Participates in the incident reporting and incident response processes and procedures to address security incidents and breaches, and reports of violation of policy; serves as a point of contact for information security inquiries and audits
  • Collaborates with the Network Engineering team regarding network security, including firewall administration, web proxy administration, and intrusion detection/prevention systems
  • Creates and maintains documentation of network security configurations and processes
  • Participates as a senior member of the Security Operations Center (SOC) in the effective detection, analysis, containment, and eradication of attacks
  • Works with internal and external project managers to complete projects on time, and leads or participates in IT projects to provide information security expertise, guidance, or training
  • Provides mentoring to junior members of the team as needed
  • Complies with all company Group Policies
  • Performs other duties as assigned

Qualifications

EDUCATION and EXPERIENCE Required:

  • High School Diploma or GED
  • 5+ years of IT experience with a focus on governance, security incident response, and compliance required

Preferred:

  • Post-secondary degree
  • One or more of the following certifications:
    • GIAC Security Fundamentals
    • Certified Information Systems Security Professional (CISSP)
    • Cisco Certified Security Professional (CCSP)
    • Cisco Certified Network Professional-Security (CCNP-Security)
    • CEH
    • CISM
    • CISA
  • Experience preferred on the following:
    • Anti-Virus, Spam and Malware Tools, Management and Administration
    • Incident Response Practices and Procedures
    • Firewall Management and Administration
    • Security Information & Event Management (SIEM) and Logging
    • Vulnerability Assessment Practices/Technology (i.e., Operating Systems, Network, Application, Database, and Web)
    • Penetration testing ability and knowledge
    • Security Industry Standards, such as ISO, NIST, FISMA, and PCI
    • Information Security Policy and Standards
    • Information Security Risk Assessment and Audits
    • Computer Forensic Practices and Procedures
    • Scripting knowledge (Python, Perl, some shell, Linux scripting)
  • Experience preferred with McAfee, Cisco, Juniper, Sourcefire, Symantec, Qualys, Orion, Lieberman, SIEM tools (for all of these, or similar products)

KNOWLEDGE, SKILLS and ABILITIES Required:

  • Proven analytical and problem-solving abilities
  • Ability to effectively prioritize and execute tasks in a high-pressure environment
  • Excellent written, verbal, and interpersonal communication skills with the ability to communicate one-on-one as well as with a large group
  • Ability to conduct research into IT security issues and products as required
  • Ability to maintain confidentiality required
  • Ability to logically and creatively analyze and correlate disparate events and draw relevant conclusions to contribute to process improvement and incident remediation
  • Ability to respond immediately to information security threat situations that negatively impact the company
  • Displays and promotes high standards of ethical conduct and behaviors consistent with the company’s core values and government standards
  • Ability to effectively organize, plan, control and prioritize concurrent work. Ability to regularly communicate progress to appropriate stakeholders. Efficiently manages resources and understands work and project scope, key players, urgency, inherent risks and business benefits
  • Ability to consistently carry out job responsibilities to meet deadlines, while demonstrating independent work skills
  • Demonstrates the ability to, independently and within a team, analyze, identify and solve problems and implement secure solutions to meet business needs
  • Ability to anticipate, understand and manage customer expectations and appropriate service delivery