IT Security Engineer, Sr

» IT Security Engineer, Sr
Information Technology
in Tampa
, FL
Reference: 19-02877

Description:

Serves as a key technical subject matter expert in the development, implementation and maintenance of IT Security related projects and controls that are required to safeguard the company’s information and technology assets and to ensure compliance with all applicable laws and regulations impacting the company.

Key Duties and Responsibilities:

  • Evaluates, designs, develops, implements and/or integrates security solutions
  • As a subject matter expert, builds, consults, validates, and verifies system and application security designs
  • Leads, performs or reviews security incident investigations
  • Designs, implements, tests security controls and manages the associated remediation if needed
  • Assist in formulating security architecture recommendations and design security services
  • Perform project leadership tasks on select security projects including development of requirements, evaluation of competing products, selection and implementation of products
  • Consults, validates and verifies system and application security designs
  • Evaluates implements and/or integrates security solutions
  • Assist in developing responses to internal & external audits, penetration tests and vulnerability assessments
  • Recommends and coordinates the application of fixes, patches, & recovery procedures in the event of a security breach
  • Research emerging technologies in support of security enhancement and development efforts
  • Conduct risk assessments, penetration tests and diagnose internet/extranet security, intrusion attempts, and cyber-crime response
  • Validates and verifies system and application security requirement definitions and analysis

Education:

  • A Bachelor’s Degree in Computer Science or in an IT related field
  • Experience 2 additional years of IT related experience may be substituted for degree Required

Work Experience:

  • 8+ years of experience in IT related field
  • 2+ years of experience in Information Security
  • Significant experience doing internal and external penetration testing i.e. white hat hacking
  • Solid experience with application security practices (Secure coding, OWASP Top 10)
  • Information Security Auditing experience

Licenses and Certifications:

  • Certified Information Systems Security Professional (CISSP)
  • GIAC Penetration Tester (GPEN)
  • GIAC Certified Incident Handler (GCEH)

Skills:

  • Ability to work as part of a team

Technology:

  • Strong Knowledge of Security Frameworks (ISO 27002, NIST 800-53, COBIT, HITRUST)
  • Knowledge of security regulations and standards (HIPAA, HITECH, SOX, PCI etc.)
  • Hands on experience with Firewalls, DLP, Vulnerability Assessment tools (infrastructure and application) IDS/IPS, SIEM, 2 factor authentication, static and dynamic code analysis tools etc.
  • Strong knowledge of common operating systems (Windows, UNIX) and authentication (Active Directory, Centrify)
  • Proficient with Microsoft Word, Excel, SharePoint, PowerPoint, Access & Project
  • Must be able to perform hands-on support for a wide range of security technologies including, but not limited to: SEIM, IDS/IPS, HIDS, malware analysis and protection, content filtering, logical access controls, identity and access management, data loss prevention, content filtering technologies, application firewalls, vulnerability scanners, eDiscovery & forensics software, and security incident response etc.
  • Strong understanding of and familiarity with application and network security

Level of Supervision Received:

  • Functions independently within broad scope of established departmental policies/practices; generally refers specific problems to supervisor only where clarification of departmental operating policies/procedures may be required