What are the responsibilities and job description for the Information System Security Engineer position at Tyto Athene, LLC?
Tyto Athene is searching for an Information Systems Security Engineer. The Information Systems Security Engineer provides technical security administrative duties for infrastructure related to firewalls, encryption, intrusion detection systems, vulnerability scanning, security monitoring tools, authentication, web filtering, identity management, access control systems, and their associated logs and processes.
Responsibilities:
- Ensures compliance with CMMC 2.0, ISO 27k and other frameworks
- Perform vulnerability testing, remediation planning, risk analysis, security assessments and make updates to the assessment as required
- Monitor SLAs for responsiveness and coverage; act as liaison with the MSSP
- Track and document system security findings, audit results, and compliance reporting.
- Collaborate with program and IT staff to resolve identified security issues and risks.
- Review network security settings and configurations against industry benchmarks
- Define access privileges, control structures, resources, system hardening guidelines
- Monitor, respond, investigate, and remediate security alerts and/or incidents
- Maintain and test Information Security Incident Response Plan, and related procedures and standards
- Work with third-party auditor to maintain up-to-date policies, procedures, and standards
- Participates as a technical advisor for a variety of ad-hoc information security projects that will be dictated by current business and technological developments
- Identify tool / solution needs and requirements, working with technology support teams to coordinate setup and deployment
- Attending cyber security related events and networking with industry peers to inform engineering and operations processes of effective risk mitigation strategies for cyber-attacks
Required:
- Has the ability to multitask and maintains a positive attitude during difficult times
- Demonstrates strong verbal and written communication skills
- Compliance / Risk / Audit background
- Ability to work effectively with technical and non-technical employees
- A foundational understanding of security technologies commonly leveraged to support a large-scale, multi-platform enterprise environment (system and/or security support for Windows, Mac, Unix, and mainframe platforms)
- Familiarity with System Security Plans (SSPs), Plans of Action & Milestones (POA&M), Certification and Accreditation packages, architecture diagrams, contingency plans, incident response plans, and other documentation for audit preparation
- 4 or more years of experience in information systems, cyber security compliance, or an IT security role
Certifications or Licensing:
- Security
- CISSP or CEH
- Zscaler cert a plus
- MCP Windows Server 2022
- MCP Windows 11
Salary: $90,000 - $125,000