What are the responsibilities and job description for the Sr Engineer - Information Security position at Client Resources, Inc.?
Position Overview
This role is ONSITE in OMAHA, NEBRASKA
Job Responsibilities
- The Sr. Engineer Information Security Engineering is an individual contributor role within the Information Security department. The engineering team is responsible for driving security strategy and direction, developing and executing roadmaps, developing and maintaining security policies and strategies, developing re-usable solutions, and acting as subject matter experts in the services and solutions provided to the organization.
- The Sr. Engineer reports to the Director of Information Security Engineering responsible for managing the team.
- The Sr. Engineer is responsible for maintaining security policies, developing solutions, and acting as subject matter expert in safeguarding enterprise systems.
- The role provides preventative, detective, and corrective controls to company information and computing to maintain security, integrity, and accessibility of data.
- Builds and maintains strong relationships with multiple business and technical teams and ensures that the technical security strategy is aligned with those teams’ objectives and the overall business strategy.
- Actively participates as a project team member and/or project team leader if necessary.
- Information Security subject matter expert on a wide variety of departmental and enterprise-wide projects and initiatives.
- Maintains a deep level of expertise in multiple technical domains (e.g., firewalls, intrusion detection/prevention, malware prevention, web content filtering, application security, email monitoring and controls, etc.) and provides/contributes to thought leadership in these areas.
This role is ONSITE in OMAHA, NEBRASKA
Job Responsibilities
- Assist IT staff and end users with technical problems and implementations relative to data and computer system security and access controls Detecting and responding to security violations, and assisting auditors and reporting status of audit issues and managing security-related projects.
- Be prepared to handle threats directed against enterprise networks, hosts, and data on a 7 x 24 x 365 basis.
- Development and execution against visions, strategies, and roadmaps Creation and maintenance of security policies, standards, and security patterns Development of architecture approaches and solutions in the security space, including consulting to the business and IT teams on security requirements and risk management Ensuring the architecture teams acts as subject matter experts and high level support for complex issues Develop and maintain critical vendor relationships with key strategic vendors on products and consulting.
- Assist ISO in Planning, forecasting, and managing capital spend for the team.
- Provide guidance and direction to leadership on key security issues Contribute to the development of security awareness materials relevant to area of responsibility Participate in engagement and project oversight Maintain knowledge and compliance of all industry relevant regulatory requirements.
- Lead or participate in projects and other activities involving the use of security technologies related to the protection of Enterprise systems and data.
- Participate in the planning, development and implementation of data and system security controls.
- Conduct technical security risk assessments and participates in development and execution of remediation.
- Consult on security direction, maintaining a focus on assurance of enterprise information assets.
- Analyze gaps between current and target security architecture.
- Develop and implement strategies to close identified gaps in security architecture.
- System, process, and procedure improvements
- Present security status and project status to management.
- Support for other Information Security Teams as assigned.
- Perform other related duties incidental to the work described herein.
- Excellent communication and customer interface/relationship skills, as well as the ability to effectively coordinate and work with other departments.
- Extensive knowledge of industry and Government standards as applicable to Information Protection and Assurance and knowledge of Information Security best practices and business controls.
- Candidates must have in-depth experience in information security, and a well-rounded knowledge of IT.
- Technical expertise in multiple information security domains. (e.g., firewalls, intrusion detection/prevention, malware prevention, web content filtering, application security, email monitoring and controls, etc.)
- Understanding of application security architecture and secure development best practices.
- Excellent communication, documentation, prioritization and change management skills.
- Ability to make appropriate decisions considering the relative costs and benefits of potential actions.
- Ability to apply varying leadership skills and traits that create solutions to unexpected situations.
- Ability to successfully work and promote inclusiveness in small groups.
- Broad and deep technical knowledge and be able to learn new technologies rapidly and independently.
- Broad knowledge of security policies and practices, including ISO 17799 (27001), Payment Card Industry (PCI), Federal Financial institution regulatory agencies (OCC, FFIEC), and other internal or external governing entities.
- Bachelor's degree in computer science, information systems, business management, engineering, a physical science, or other relevant field is required. Equivalent work experience may be considered as a substitution.
- Minimum of 5 years of relevant experience.
- Regular and predictable attendance is a required function of the job.
- Ability to work independently with limited supervision.
- Ability to recognize and deal appropriately with confidential and sensitive information.
- Participate in conferences and meetings.
- Accept ownership and full accountability for areas of responsibility.
- Very high degree of initiative and passion for the work.
- One or more information security certifications highly preferred (CISSP, CISM, CISA, SANS, etc.)
