Position Summary Reporting directly to the Vice President, Compliance & Security Services, The Senior Security Engineer assists clients with their information security programs and project initiatives by undertaking risk assessments, advising on implementation of security measures, recommending appropriate risk mitigations, performing penetration testing, ethical hacking, vulnerability assessments, web application assessments, reverse engineering, social engineering and standards in the context of projects and business scenarios to help the business operate securely. This role has a significant component in defining security requirements and ensuring that all projects meet these requirements, or that exceptions and issues are noted and remediated as appropriate. Excel at providing comprehensive secure network design, systems analysis, and full lifecycle project management. This position requires the ability to travel between 30-50%.

Essential Duties and Responsibilities

Engineer, implement and monitor security measures for the protection of computer systems, networks and information Perform Vulnerability Assessments, Penetration Test, Ethical Hacking, Firewall Assessment’s, Social Engineering engagements Identify and define system security requirements Design system security architecture and develop detailed security designs Prepare and document standard operating procedures and protocols Configure and troubleshoot security infrastructure devices Develop technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks Ensure that the company knows as much as possible, as quickly as possible about security incidents Write comprehensive reports including assessment-based findings, outcomes and propositions for further system security enhancement Provide post-sales technical expertise during the installation, implementation and maintenance of cyber security products, following detailed customer installation requirements Assess existing controls to determine level of security, inclusive of: their maturity, state of compliance, and their level of protection Supports PCI-DSS & HITRUST gap analyses and assessments of business process Supports sites in testing, documentation and issue resolution associated with cyber security programs Perform comprehensive threat/risk assessments and business impact analysis of current system, data, application and technology environments to determine possible internal and external threats to information assets, and identify security measures required to counter such threats Participate in the development and implementation of the enterprise security architecture and supporting security standards to ensure compliance with corporate policies, and relevant legislative and regulatory requirements Perform technical security reviews or assessments to ensure targeted systems, networks, applications and/or data follow corporate policies and standards

Qualifications

Proven working experience in building and maintaining security systems Detailed technical knowledge of database and operating system security Hands on experience in security systems, including firewalls, intrusion detection systems, anti- virus software, authentication systems, log management, content filtering, etc Experience with network technologies and with system, security, and network monitoring tools Thorough understanding of the latest security principles, techniques, and protocols Familiarity with web related technologies (Web applications, Web Services, Service Oriented Architectures) and of network/web related protocols Problem solving skills and ability to work under pressure Proven track record of successfully delivering business requirements to time and budget constraints A thorough understanding of the best practices for services execution Knowledge of Security Governance, Risk Management and Compliance Demonstrates advanced knowledge of the principles, best practices architecture and design approaches to applicable capabilities, services and standard controls that fall under the scope of NIST, ISO, CIS, PCI, HITRUST Certification as an ASV (PCI Approved Scanning Vendor) or CISSP, CEH, CISM, would be an asset

Education and/or Experience

A university degree in Computer Science, Engineering, or a field which relates to the role Security certification such as CISSP, CISA, CISM, SANS GIAC, CEH Five (5) years of Information Security experience in Security Governance, Risk and Compliance practices and methodologies Experience with performing cyber security assessments and familiarity with industry cyber security tools or experience auditing systems Experience of security hardening techniques and policy development, particularly with regards to secure software development methodologies and process Previous experience in compliance programs including pre-assessment or assessment and gap remediation programs