Serves as a key technical member of the IT Security team, assisting in the development, implementation and maintenance of IT Security related activities required to safeguard the company's information and technology assets and to ensure compliance with applicable laws and regulations.
Performs or reviews security incident investigations. Assists in formulating security architecture recommendations and security services designs. Performs project leadership tasks on select security projects, including development of requirements, evaluation of competing products, and selection and implementation of products. Strong understanding of and familiarity with application and network security. Consults on, validates and verifies system and application security designs. Evaluates, implements and/or integrates security solutions. Assists in developing responses to internal and external audits, penetration tests and vulnerability assessments. Recommends and coordinates the application of fixes, patches and recovery procedures in the event of a security breach. Researches emerging technologies in support of security enhancement and development efforts. Conducts risk assessments and penetration tests, and diagnoses internet/extranet security, intrusion attempts, and cyber-crime response. Performs other duties as assigned.
- A Bachelor's Degree in Science or equivalent work experience; 2 additional years of relevant experience may be substituted in lieu of a degree
- 5+ years of experience in IT related field
- Experience doing internal and external penetration testing, i.e., white hat hacking.
- IT Security Auditing. Licenses and Certifications: Certified Information Systems Security Professional (CISSP), GIAC Penetration Tester (GPEN), GIAC Certified Incident Handler (GCIH).
- Strong understanding of and familiarity with application and network security.
- Knowledge of Information Security Frameworks (ISO 27002, NIST 800-53, COBIT, HITRUST, etc.). Knowledge of network security practices and tools (Firewalls, IDS/IPS, DLP, SIEM), Vulnerability Management, Application Security, and Penetration Testing (white hat hacking).
- Must be able to perform hands-on support for a wide range of security technologies including, but not limited to: SIEM, IDS/IPS, HIDS, malware analysis and protection, content filtering, logical access controls, identity and access management, data loss prevention, application firewalls, vulnerability scanners, eDiscovery and forensics software, and security incident response.