Sr. IT Security Engineer

Information Technology
in Tampa
, FL
Reference: 19-02252

Essential Functions:

  • Evaluate, design, develop, implement and/or integrates security solutions
  • As a subject matter expert, build, consult, validate, and verify system and application security designs
  • Lead, perform or review security incident investigations
  • Design, implement, test security controls and manage the associated remediation if needed
  • Assist in formulating security architecture recommendations and design security services
  • Perform project leadership tasks on select security projects including development of requirements, evaluation of competing products, selection and implementation of products
  • Consult, validate and verify system and application security designs
  • Evaluate, implement and/or integrate security solutions
  • Assist in developing responses to internal and external audits, penetration tests and vulnerability assessments
  • Recommend and coordinate the application of fixes, patches, and recovery procedures in the event of a security breach
  • Research emerging technologies in support of security enhancement and development  efforts
  • Conduct risk assessments, penetration tests and diagnose Internet/extranet security, intrusion attempts, and cyber-crime response
  • Validate and verify system and application security requirement definitions and analysis

Minimum Qualifications:

  • A Bachelor’s degree in Information Security/Computer Science required or equivalent work experience required
  • Preferred 8+ years of experience in information security program development and execution required
  • A history of working in collaborative, team-oriented environments with a commitment to results and a proven track record of accomplishments
  • Other significant experience doing internal and external penetration testing i.e. white hat hacking
  • Information security auditing experience
  • Other solid experience with application security practices
  • GIAC Penetration Tester (GPEN) GIAC Certified Incident Handler (GCEH) or equivalent required
  • Strong Knowledge of Security Frameworks (ISO 27002, NIST 800-53, COBIT, HITRUST)
  • Knowledge of security regulations and standards (HIPAA, HITECH, SOX, PCI etc.)
  • Hands-on experience with firewalls, DLP, vulnerability assessment tools (infrastructure and application) IDS/IPS, SIEM, 2 factor authentication, static and dynamic code analysis tools etc.
  • Strong knowledge of common operating systems (Windows, UNIX) and authentication (Active Directory, Centrify)
  • Proficient with Microsoft Word, Excel, SharePoint, PowerPoint, Access and Project
  • Must be able to perform hands-on support for a wide range of security  technologies including, but not limited to mSEIM, IDS/IPS, HIDS, malware analysis and protection, content filtering, logical access controls, identity and access management, data loss prevention, content filtering technologies, application firewalls, vulnerability scanners,  eDiscovery and forensics software, and security incident response etc.
  • Strong understanding of and familiarity with application and network security