InfoSec Engineer

Job Description

Job Description

Request Title : InfoSec Engineer

Work Location : Melville, NY (Hybrid)

Description :

Work location : 3 days onsite per week in Melville, NY.

Note : Bi-lingual (Japanese and English) candidates only.

Scope of Work (not limited to)

Security Member who would report to Security InfoSec director.

Formulation of security policy and its deployment to each department

External scanning and reporting of DMZ public sites using an external vendor (IIJA)

FW Management and Correlation Analysis (SIEM) and Reporting Utilizing External Vendor (NTTA)

Management of patch application status and promotion of vulnerability response (each team is responsible for understanding the situation and managing the application status)

Triage and response / reporting in the event of a security incident

Additional security-related inquiries

Expected Must Qualifications

If possible, bilingual personnel with a deep understanding of Japan business culture and minimum security knowledge

Those who can analyze practical aspects, define deficiencies, and make recommendations to the director.

A person who can proactively assist or lead the activities that security team members are currently dealing with and reduce the current workload on each individual.

A person who has the skills to define the requirements of the Managed Service and provide feedback to EA / JA to make up for the areas and shortages that can be handled by the Service from client's standpoint.

Expected Qualifications that impact our decision

Enterprise Security Architecture Understanding & Experience - a comprehensive framework that outlines the structure, policies, and procedures for securing an organization's information systems. It ensures that the security measures align with business objectives and regulatory requirements. A robust ESA provides a layered defense strategy, minimizing vulnerabilities and mitigating risks.

InfoSec Key activities understanding & experience

• Risk Assessment : Identifying, evaluating, and prioritizing risks to the organization's information assets.
• Policy Development : Creating comprehensive security policies and procedures that align with regulatory requirements and best practices.
• Access Control : Implementing measures to ensure that only authorized individuals can access sensitive information.
• Incident Response : Developing and executing plans to handle security breaches effectively, minimizing damage and ensuring quick recovery.
• Security Awareness Training : Educating employees on security best practices, potential threats, and how to respond to security incidents.
• Monitoring and Auditing : Continuously monitoring systems for suspicious activity and conducting regular audits to ensure compliance with security policies.

Security Technology Experience

Zero Trust and SASE : Understanding and Experience