Progilisys

  • Sr. IS Security Engineer

    Job Locations: US-AZ-Phoenix
    Posted Date: 1 month ago (12/12/2018 4:40 PM)
    Job ID: 2018-2244
    # of Openings: 1
    Category: Information Technology
  • Type

    Contract to Hire

    Type Details

    Direct, W2 - Direct, 1099 - Direct

    Complete Description

    Our customer, located in Phoenix, AZ, is seeking a Sr. IS Security Engineer who will be responsible for actively promoting, maintaining and validating the availability, integrity, and confidentiality of the organization's information assets in compliance with company security policies, standards and best practices. Responsible for identifying, purchasing and implementing the appropriate security tool set to assess the company's infrastructure and applications environment. Responsible for implementation and administration of the process that tracks the active status and access level for Administrator, Service, and 3rd-party accounts. Provide technical security leadership and oversee the implementation and administration, in collaboration with other Information Technology (IT) teams, of security tool sets including network and host-based intrusion detection systems, vulnerability analysis scanning tools, Syslog server, wireless network intrusion detection system, and anomaly detection and reporting. Conduct enterprise-wide vulnerability assessment scheduling, communications, report generation and problem resolution. Consult with IT personnel on findings to identify technical, procedural or people-related vulnerabilities. Assist auditors with their vulnerability scanning requirements and validate that internal security documentation is relevant and up to date.

     

    Key Responsibilities

    • Evaluates and implements security controls to meet or exceed the Federal Information Security Management Act (FISMA), the National Institute of Standards and Technology (NIST) and the Federal Information Processing Standards (FIPS) in a “high” information classification boundary.
    • Implements Information Security Technology, Physical Security Controls and Federal data security requirements.
    • Proactively plans security systems by evaluating network and security technologies; develops requirements for local area networks (LANs), wide area networks (WANs), virtual private networks (VPNs), routers, firewalls, and related security, network devices and workstations; designs public key infrastructures (PKIs), including use of certification authorities (CAs) and digital signatures as well as hardware and software; adhering to federal and industry standards.
    • Plans delivery of solutions; answers technical and procedural questions from less experienced team members; teaches improvement processes; mentors team members and provides security technical leadership to other Information Security and Information Technology team members.
    • Determines security requirements by evaluating business strategies and requirements; researches information security standards; conducts system security and vulnerability analyses and risk assessments; studies architecture/platform; identifies integration issues; prepares cost estimates for review by Manager, Information Systems Security.
    • Verifies security control compliance by developing, implementing and maintaining test scripts.
    • Maintains security by monitoring and ensuring compliance to standards, policies, and procedures; conducts incident response analyses; in collaboration with Training department, develops and conducts security education and training programs.
    • Upgrades security systems by monitoring security environment; identifies security gaps; evaluates and implements enhancements.
    • Prepares system security reports by collecting, analyzing, and summarizing data and trends.
    • Tracks and understands emerging security practices and standards; participates in educational opportunities; reads professional publications; maintains personal networks; participates in professional organizations.
    • Authors security system and application processes for both operation and management, including as-built service configuration documents.
    • Performs detailed and routine assessment to ensure use of established security policies, practices and expectations across all platforms, operating systems and applications.
    • Drafts and recommends changes to Security Policy, Procedures, Standards and Guidelines to meet or exceed corporate or contractual security requirements.
    • Conducts network/system forensics and traffic analysis using protocol and intrusion detection analyzers.
    • Accepts ownership for accomplishing new and different requests; explores opportunities to add value to job accomplishments.
    • Performs other duties as assigned.
    • Regular and reliable attendance and on call availability is required.

     

    Working Conditions

    • Limited infrequent travel may be required to work at remote locations to present security awareness material or to assess information security posture
    • Act as a primary point of contact for all information security related incidents requiring consultation or response, 24-hour accessibility
    • Provide high level of customer service to employees, business leadership and IT
    • Work in a cubed office environment with multiple computers and monitors
    • Heavy computer usage and documentation review
    • Extensive computer work with prolonged sitting
    • Requires successful completion of a background check

     

    Education & Experience

    Required

    • High School Degree or GED
    • 7 years of directly related experience in information technology; 5 of which must be in information security programs to include the development, implementation and administration of information security controls, solutions and programs.

     

    Preferred

    • Bachelor's degree in Computer Science, Computer Information Systems, Criminal Justice or Business
    • Relevant industry-recognized certifications (such as CISSP, SSCP, etc.)
    • Experience in a role that has led security operations, security tools and solutions, secure applications and networking in the implementation of NIST and Security Best Practices to meet or exceed compliance with the FISMA Moderate/High requirements.
    • Experience in a role that has designed and implemented FISMA Moderate/High controls with a heavy emphasis on secure application programming and secure application design.
    • Experience in secure network design and protocols. Direct technical experience in building, conducting and performing penetration testing, audits and assurance programs in compliance with FISMA Moderate/High, HITRUST, URAC and/or similar data security requirements.

     

    If you are interested or know of someone qualified for this position, we offer an excellent referral compensation program. Please send us your resume or your referral's contact information immediately.
