Role Purpose

The primary function of the Information Security Engineer is to safeguard BetaNXT’s data and network infrastructure from potential threats posed by internal or external malicious actors. In this role the Information Security Engineer will design solutions, implement best practices, and assure that sufficient technical, physical, and administrative security controls are in place to manage security risk and improve BetaNXT’s security posture. 

Consequently, the position requires both an understanding of legacy systems, as well as modern technologies. 

This role reports to the Head of Security and Compliance.

Role Responsibilities

• Assist with implementation, management, and administration of privilege access management tool (PAM) for enterprise platforms and applications.
• Assist with management of self-service password management solution.
• Performs analysis of the organization's network and systems security, monitoring, and alerting needs and contributes to design of network and system architecture.
• Support incident response activities, ensuring security incidents are properly identified, contained, eradicated, and recovered from.
• Assist in the production and tracking of metrics for the effectiveness and maturity of security processes.
• Assisting with the installation and configuration of network security architectures, including firewalls, Demilitarized Zones (DMZ), router ACLs (Access Control Lists), and web content filters.
• Support in the development of security policies, standards and plans to ensure the protection of corporate data against unauthorized use, access, modification, and destruction.
• Provides technical input to projects along with implementation support to network services and infrastructure design teams.
• Partner with vendors to maintain and enhance security technologies.

• Design, update, and maintain standard operating procedures for security system administration.

• Analyze, review, monitor, and reassess the adequacy of information security provisions in vendor and customer contracts.

• Monitor and review requests for change to assure they do not introduce any security and/or compliance risks to the enterprise and meet security requirements, guidelines, and compliance requirements.

Requirements

• Bachelor’s degree or equivalent in an IT/Security related discipline.
• At least 2-3 years of experience in the cyber, information security and risk management disciplines for a global financial services or other highly regulated organizations.
• Experience and knowledge of industry IDS/IPS, logging, vulnerability, monitoring, firewall technology, wireless security, Anti-virus protection, OS patching, data loss prevention and SIEM technology and solutions.
• Knowledge of regulatory compliance regulations like (NIST, SAN, ISO, SOX, PCI and PII) 
• Experience with AWS and Azure cloud platform as a service (PaaS) security.

Personal Skills and Capabilities

• Strong interpersonal and relationship building skills
• Strong verbal and written communication skills, with ability to communicate technical information to non-technical stakeholders
• Ability to work well under pressure – particularly during a security incident or regulatory audit
• Displays an analytical and problem-solving mindset