Senior Information Security Engineer

Summary

Description Summary of This Role

Designs applications of advanced complexity which address business functionality and performance needs, while ensuring that maximum security is applied. Incorporates both in-house and externally acquired solutions. Considered a subject matter expertise in relation to security architecture and liaises with other areas of IT in the dissemination of this information to counter threats and internal and external vulnerabilities. Applies experience in topics such as enterprise software, software and hardware configurations, authentication, authorizations, detection and countering errant codes and scripts and related matters.

What Part Will You Play?

• Applies application development understanding and includes security controls within the application pipeline for moderately complex projects. Verifies controls are adhered to.
• Reviews security architecture designs independently utilizing a strong understanding of network architecture to include recommendations drafting.
• Utilizes a strong understanding of the appropriate settings for premise or cloud based security platforms in order to build guides for the standard implementation of a given platform.
• Interprets vulnerability scanning and/or penetration test results to eliminate false positives while identifying appropriate mitigation for true issues.
• Communicates InfoSec Architectural policies, standards and guidelines in documentation for consumption by both IT and non-IT resources.
• Utilizes a high level of industry understanding of implications of new threats and their applicability to TSYS, as well as options to reduce/eliminate new risk.
  
  

What Are We Looking For in This Role?

Minimum Qualifications

• Bachelor's Degree
• Relevant Experience or Degree in: in Information Security or Computer Science
• Typically Minimum 4 Years Relevant Exp
• Prior experience must be as an Information Security Analyst, or related role. Strong understanding of regulatory audit requirements and developing the appropriate solutions to address findings. Degree strongly preferred; however, additional 4 years related experience may be considered in lieu of a degree.
• One or more of the following (or similar) -CISSP, CISA, CISM, PCI-QSA, PA-QSA, PCIP, CRISC, Security , CGEIT
  
  

Preferred Qualifications

• Typically Minimum 6 Years Relevant Exp
• Prior experience must be as an Information Security Analyst, Security focused Network Admin/Engineer or Systems Admin/Engineer. Understanding of regulatory requirements and solutions design to meet said requirements.
  
  

What Are Our Desired Skills and Capabilities?

• Skills / Knowledge - A seasoned, experienced professional with a full understanding of area of specialization; resolves a wide range of issues in creative ways. This job is the fully qualified, career-oriented, journey-level position.
• Job Complexity - Works on problems of diverse scope where analysis of data requires evaluation of identifiable factors. Demonstrates good judgment in selecting methods and techniques for obtaining solutions. Networks with senior internal and external personnel in own area of expertise.
• Supervision - Normally receives little instruction on day-to-day work, general instructions on new assignments.
• Network Engineering/Architecture - Maintains an understanding of TCP/IP network connectivity, subnet segmentation, security zones, secure ports/protocols, network authentication/authorization, security tools and their applicability (WAF, IPS, Sandbox, etc.).
• Systems Engineering/Architecture - Maintains an understanding of Operating system infrastructure, including Windows, Linux, containers, container orchestration and Virtual Machines. Must understand system authentication options, user rights within systems, user authentication/authorization, least privilege, Group Policy, Automation tooling (Puppet, chef, ansible) and local security agents/tools (Anti-Virus, Whitelisting, forensics, firewall, etc.)
• Encryption/Cryptography - Understands the use of digital certificates, root certificate trust, and how to encrypt/decrypt network traffic. Recognizes data that must be encrypted at rest, and how to assure encryption key processes meet policy and regulatory requirements.