MCG JOB Requisition Title: Security Engineer I Number of Positions: 1 Is it a new position or replacement? New When do they want it filled by? January 2010 Salary : $50-60K We are looking for someone with experience with the following tools: ArcSight (SIEM), Fortinet (IDS/IPS), Credant (Encryption), Symantec (Enterprise AV), Websense (enterprise DLP). The ideal candidate will be working as the technical arm of a security and forensics team. Bottom line: YOU HAVE TO KNOW SECURITY MUST HAVE A CLEAN CRIMINAL HISTORY! MINIMUM SPECIFICATIONS 1. Education/Experience: Must have a Bachelor s degree in Management Information Systems, plus two years of experience in an information systems security area with a background in data, software, hardware, network, web and facility access; OR, must have an equivalent combination of education and experience. 2. Certification/Registration/Licensure: Certifications from Security organizations and vendors offering security products are desirable. 3. Skills or Special Abilities: Must possess a thorough understanding of security issues and problems related to the access of data, software, hardware, network and facilities. Must be able to facilitate discussions with users from business and technical areas and understand their unique perspective with respect to security and document their requirements in a business language. Must have the ability to perform complex research in order to determine industry standard products and solutions in response to security requirements. Must have the ability to formulate business solutions as well as technical solutions at a conceptual level and recognize the implications of such solutions on the business. Must be able to examine existing processes, manual and automated, and recommend alternative solutions in concert with technical individuals. Must possess a good understanding of the systems development life cycle methodology. Must have the ability to develop project plans, organize and monitor tasks, and be able to produce quality results in a timely manner. Must be able to perform technical risk assessments and implement corrective actions in regard to the safeguard of information systems. Must be able to independently implement and maintain complex information security tools. Must have superior writing skills and the ability to communicate effectively. Must have excellent documentation skills. 4. Minimum Technical Requirements (Not Comprehensive) 1. M ust possess thorough knowledge about the information systems security area 2. Must possess a good understanding of the system life cycle methodology. 3. Working knowledge of design, implementation, and maintenance of - Local area networks and firewalls - Windows Server 2003 Active Directory - Group Policy Objects - MS Exchange Security Products - DLP Technologies - SIEM Tools - Scripting - Vulnerability Scanning - Encryption - IDS/IPS - Web Filtering - VPN technologies - Linux - LDAP - Multi-factor authentication systems - Anti-Virus/Anti-Malware software- Local area networks and firewalls 4. In depth knowledge of network assessments, vulnerability assessments, and regulatory compliance (HIPAA and PCI) 5. Experience with hacker techniques and network/OS security principles. 6. Excellent documentation and analytical skills 7. Ability to listen and communicate effectively PRINCIPAL ACCOUNTABILITIES Security Engineer 1. Performs implementation analysis and technical risk assessments on systems to ensure conformity to current security standards and operational support requirements are being met. 2. Implements discovery processes to identify systems, their business processes, their owners, and their compliance with current security policy and standards. 3. Performs periodic technical risk assessments for and identifies items needing remediation. Examples of targeted technologies include but are not limited to firewalls, routers, switches, Intel servers, AIX systems, and application behavior. 4. Monitors the network, servers, and data flow to ensure confidentiality, integrity, and availability of systems and information and generate reports. 5. Manages on-time delivery of assigned tasks against existing plans and schedules. 6. Implements, maintains, and provides increasing development for the Information Security tools and infrastructure systems. Examples of such tools are web filtering technology, IDS/IPS appliances, SIEM tools, antispam/antivirus systems, data leakage appliances, authentication systems, content screening servers, VPN systems and firewalls. 7. Participates in the development of information security policy and standards where technical issues are to be considered. 8. Provides incident response for technical security issues. 9. Participates in Disaster Recovery and Business Continuity Planning process as needed.
Apply to this job