Information Security Engineer

Job role : Information Security Engineer

Location : Phoenix Metro Area, AZ

Job Type: Contract

ServiceNow Job Description:

Working independently, serves as a senior technical engineer and advisor to large complex system, application or network projects; with a focus on securing vulnerabilities and reducing the risk of system or application compromises. Participates in analyzing, planning, implementing, maintaining, troubleshooting, and enhancing large complex systems or networks consisting of a combination that may include SaaS, IaaS, mobile devices, LANS, servers, data storage, and the physical and logical components that integrate these systems together.

Responsibilities

• Engineers, designs, implements, maintains, and operates information system security controls and countermeasures.
• Analyzes and recommends security controls and procedures in acquisition, development, and change management lifecycle of information systems, and monitors for compliance.
• Analyzes and recommends security controls and procedures in business processes related to use of information systems and assets, and monitors for compliance.
• Monitors information systems for security incidents and vulnerabilities; develops monitoring and visibility capabilities; reports on incidents, vulnerabilities, and trends.
• Responds to information system security incidents, including investigation of, countermeasures to, and recovery from computer-based attacks, unauthorized access, and policy breaches; interacts and coordinates with third-party incident responders, including law enforcement.
• Administers authentication and access controls, including provisioning, changes, and deprovisioning of user and system accounts, security/access roles, and access permissions to information assets.
• Analyzes trends, news and changes in threat and compliance environment with respect to organizational risk; advises organization management and develops and executes plans for compliance and mitigation of risk; performs risk and compliance self-assessments and engages and coordinates third-party risk and compliance assessments.
• Analyzes and develops information security governance, including organizational policies, procedures, standards, baselines and guidelines with respect to information security and use and operation of information systems.
• Develops and administers, or provides advice, evaluation, and oversight for, information security training and awareness programs.
• Coaches and mentors’ level, I and II engineers and Security Operations Center team members.
• Other duties as assigned

Qualifications

• This position requires a minimum of 5 years progressively responsible information technology experience.
• Minimum of 5 years hands-on experience with security tools including, but not limited to, reverse proxies, intrusion prevention, malware detection, and vulnerability management.
• Corporate retail experience preferred.
• Proven expertise with any combination of the following: AWS/Azure, secure coding, threat modeling, identity management and authentication, cryptography, penetration testing, authentication and security protocols, system administration and network security is necessary.
• An understanding of Web services and experience with multiple programming languages (such as, JSON, PowerShell, Ruby, Python, Perl, etc.) is preferred.
• Expert knowledge of TCP/IP, common protocols and standards is necessary.
• Demonstrated experience analyzing large data sets and unstructured data for the purpose of identifying trends and anomalies indicative of malicious activity, as well as demonstrated capability to learn and develop new techniques is crucial.
• Proven ability to manage productive relationships with vendors and internal stakeholders.
• Ability to proactively educate stakeholders on security best practices.
• Expert ability to communicate across all levels of IT, present complex ideas concisely and clearly articulate technical ideas both verbally and in writing is necessary.
• Advanced skills with Microsoft office products, M365 and Visio.
• Ability to identify complex problems, review information to develop and evaluate options then recommend solutions is essential.
• Expert collaboration, influencing and negotiation skills are required.
• Able to work efficiently and accurately under pressure, meet deadlines, present a professional demeanor and work well independently is essential.
• In addition, troubleshooting and organizational skills with a can-do attitude and the ability to adjust to changing requirements are essential
• Superior customer service skills are essential including the ability to manage and respond to different customer situations while maintaining a positive and friendly attitude.
• Maintaining confidentiality, treating others with respect and upholding Company values are key attributes.

Educational Requirements:

This position requires a bachelor’s degree in Computer Science, Engineering, Criminal Law or other related field, or equivalent work experience. Security certifications such as GIAC, GSEC, GCED, or CISSP required. A Master’s degree highly preferred.