What are the responsibilities and job description for the Sr. Information Security Engineer position at Bernhard?
The Sr. Information Security Engineer is responsible for maintaining the high availability, configuration/efficiency and implementation of information security tools, systems and services. Works in conjunction with the Security Operations Center to identify and respond to threats to the Bernhard enterprise. Works on highly complex projects that require an in-depth understanding of multiple knowledge domains (security, networking, cloud, etc.). This position requires some weekend and evening assignments as well as availability during off-hours for participation in scheduled and unscheduled activities.
Specific responsibilities include:
• SECURITY ENGINEERING
• Collaborates across the company to guide the direction of information security, working with hardware, software, research and product teams
• Researches, designs, and develops architecture solutions meeting internal and external security requirements and standards
• Drives defense-in-depth security for the organization to protect critical IT assets and data
• Works extensively in networking products/technologies such as: routing and routing protocols, L2/L3 switching, Next Gen firewalls, IPS/IDS, Remote Access, VPN, SIEM, IAM, Encryption, VDI, and Mobile security
• Works with customers and partners to identify and address security issues and threats
• Evangelizes security across the engineering team and other business departments
• Assesses risks proactively and expresses concerns to engineering and operations teams
• Develops and executes security processes, policies, and procedures in collaboration with Manager
• THREAT RESPONSE
• Identifies, troubleshoots, and resolves vulnerabilities
• Participates in incident response and management as required 24x7
• Completes assessments and coordinates responses to threats/attacks to the technology infrastructure and supported applications/systems
• Responsible for desktop, server, application, database, and network security principles for threat identification and analysis
• Participates in multiple projects and manages large projects as required
• Serves as an information security subject matter expert
Required Education, Experience, and Qualifications
• BA or BS in Computer Science, Management Information Systems, or related field, from an accredited college or university or equivalent experience
• Five (5) or more years of security engineering, design, and implementation experience. 3-5 years of experience using vulnerability scanning tools such as Tenable Nessus, and some experience conducting Pen-Testing activities.
• License/Certification: None required, CISSP highly desired
• Advanced knowledge of the threat landscape and threat intelligence methodologies
• Demonstrated ability to make decisions on remediation and countermeasures
• Thorough understanding of network defense technologies, TCP/IP networking, Active Directory, DHCP, DNS, network security monitoring tools, secure engineering principles and technical security testing
• Working knowledge of global threats to cyber security and understanding of the tools and tactics utilized by threat actors
• Experience with a scripting language (Perl, Python, or other) in an incident response environment
• Extensive Windows, Mac, Linux and Unix experience including deep knowledge of file system layout, log file analysis, timeline creation, web browser forensics and file carving
• Ability to deliver succinct and fact-based communications, both verbally and in writing
• Strong leadership skills with demonstrated ability to prioritize and execute in a methodical and disciplined manner
• Ability to use independent judgment to make sound, justifiable decisions and act to resolve problems
• Customer-focused mindset, with demonstrated skill in managing expectations, providing proactive status updates, and producing high-quality work product
• Knowledge of information security standards (e.g., ISO 17799/27002, etc.), rules and regulations related to information security and data confidentiality (e.g., HIPAA, PCI DSS, etc.)
• Strong analytical and problem-solving skills are required. Excellent communication (oral, written, presentation), interpersonal and consultative skills will be needed in order to succeed
• Good communication skills and ability to present to diverse audiences of varying organizational levels
• Strong project management skills
• Ability to work in a collaborative, team environment
• Knowledge of local, state and federal regulatory requirements related to areas of functional responsibility
• Ability to work in a team or independently