Information System Security Engineer - Permanent
Location: Medford
Posted on: November 18, 2024
|
|
Job Description:
POSITION SUMMARY: Security specialist responsible for protection
of information and information systems from unauthorized access,
use, disclosure, disruption, modification or destruction; physical
and personnel security to protect information and other valuable
assets physically stored within facilities and installations; as
well as communications and network security to protect electronic
information in transit over networks.
>
> This position will have direct involvement in a wide range of
concerns and projects including the development of secure
architectures and methodologies requiring security best practices
and use of industry standards, such as ISO 27002, etc. Guiding
compliance to major governance and regulatory standards such as PCI
DSS, MA Data Privacy and SASE 16 is a key position goal. Deploying
and maintaining enterprise encryption and endpoint security both
for managed and unmanaged assets, performing forensic
investigations and reporting / documenting conclusions of such
investigations is required. Front line management of security
events and information management systems maintaining security is
also required.
>
> ESSENTIAL FUNCTIONS:
> Maintain necessary documentation to support security strategy
by outlining the requirements and benefits of specific security
tools and/or solutions. Maintain and update security documentation
including diagrams, security standards, and disaster recovery
manuals.
> Interface with groups and individuals to resolve security
issues related to implementation of network and product
security.
> Application of specific security skills to design, develop,
deploy, monitor, maintain, and control the suite of tools used by
the Information Security team.
> Apply current security technologies to the design and
integration of enterprise application infrastructures to maintain
overall security.
> Use penetration and vulnerability analysis of various products
and applications, and provide skillful, resourceful written reports
including deep technical analysis and high-level non-technical
overview.
> Assist in monitoring, investigating, documenting in detail and
resolving identified security weaknesses, and recommend documented
resolutions for enhancement.
> Desired Skills and Experience
>
> EDUCATION: Bachelor's degree in Engineering or Computer
Science or equivalent combination of education and work experience.
Desirable certifications: CISSP, CCIE Security. UNIX & Microsoft
certifications a plus
>
> EXPERIENCE: 5 - 10 years information security or related
engineering experience. Fundamental understanding of risk-based
information security management, as well as knowledge of applicable
regulations, standards, and guidelines pertaining to information
assurance (FIPS, NIST, ISO Standards). Ability to work with the
development, integration, and infrastructure teams in implementing
security controls. Ability to articulate vulnerability and risk
based on technical security posture. Ability to support the
development of system level plan of action and milestones.
Experience working on Microsoft-based, complex systems in the
security engineering role using the security features of Windows
2003/2008 Server products, Windows XP/7, IIS, Sharepoint, Exchange
and SQL Server products. Experience as a security engineer or
systems engineer including systems architecture, evaluation,
requirements analysis, implementation, and process
execution.
Keywords: , Somerville , Information System Security Engineer - Permanent, IT / Software / Systems , Medford, Massachusetts
Click
here to apply!
|