Wednesday, December 16, 2009

Security Engineer in Dallas, TX

MDI is a national IT Staffing and Consulting company that has been in business for 20 years. We are looking for a Security Engineer at one of our large, well established Healthcare clients in Dallas, TX. This is a Direct Hire position and an immediate need. Local candidates are preferred. PRINCIPAL ACCOUNTABILITIES Security Engineer Performs implementation analysis and technical risk assessmentson systems to ensure conformity to current security standards andoperational support requirements are being met. Implements discovery processes to identify systems, theirbusiness processes, their owners, and their compliance with currentsecurity policy and standards. Performs periodic technical risk assessments for Client stechnology and identifies items needing remediation. Examples oftargeted technologies include but are not limited to firewalls,routers, switches, Intel servers, AIX systems, and applicationbehavior. Monitors the network, servers, and data flow to ensureconfidentiality, integrity, and availability of Client s systems andinformation and generate reports. Manages on-time delivery of assigned tasks against existing plans and schedules. Implements, maintains, and provides increasing development forthe Information Security tools and infrastructure systems maintained bythe Client s Information Security Department. Examples of such toolsare web filtering technology, IDS/IPS appliances, SIEM tools,antispam/antivirus systems, data leakage appliances, authenticationsystems, content screening servers, VPN systems and firewalls. Participates in the development of information security policy and standards where technical issues are to be considered. Provides incident response for technical security issues. Participates in Client s Disaster Recovery and Business Continuity Planning process as needed.Stays abreast of new developments in the field of technology andsecurity by attending seminars/workshops, reading professionaljournals, and actively participating in professional organizations.Integrates knowledge gained into current work practices. Serves as a resource to business areas, project teams, andtechnical staff to ensure compliance with security policies andstandards. Identifies ways to improve information security while maintainingoperational requirements. Makes recommendations to manager, implementschange and monitors results as appropriate in support of the overallgoals of the department and Client.Maintains knowledge of applicable rules, regulations, policies,laws, and guidelines that impact the security and technology functionand information systems. Develops effective internal controls thatpromote adherence to applicable state/federal laws, and the programrequirements of accreditation agencies and federal, state, and privatehealth plans. Seeks advice and guidance as necessary to ensure properunderstanding.Provides day-to-day monitoring of security tool logs and alerts.Identifies and reacts to network attacks, viruses, and intrusions.Ensures compliance to standards, policies, and procedures throughreviews, investigations and implementation of systems to automatealerting and reporting.Provides forensic analysis of security violations.Designs, documents, and supports network security design changes.Documents and executes integration processes and standards.Documents and reports performance measurements, value and return on investment for products in service.Interfaces with 3rd party partners and vendors.Completes other duties as assigned by the Information SecurityManager and/or members of the Information Systems management team. MINIMUM SPECIFICATIONS Education/Experience: Musthave a Bachelor s degree in Management Information Systems, plus twoyears of experience in an information systems security area with abackground in data, software, hardware, network, web and facilityaccess; OR, must have an equivalent combination of education andexperience. Minimum Technical Requirements (Not Comprehensive) Must possess thorough knowledge about the information systems security areaMust possess a good understanding of the system life cycle methodology. Working knowledge of design, implementation, and maintenance ofLocal area networks and firewallsWindows Server 2003 Active DirectoryGroup Policy ObjectsMS Exchange Security ProductsDLP TechnologiesSIEM ToolsScriptingVulnerability ScanningEncryptionIDS/IPSWeb FilteringVPN technologiesLinuxLDAPMulti-factor authentication systemsAnti-Virus/Anti-Malware software- Local area networks and firewallsIn depth knowledge of network assessments, vulnerability assessments, and regulatory compliance (HIPAA and PCI)Experience with hacker techniques and network/OS security principles. Excellent documentation and analytical skillsAbility to listen and communicate effectivelyExperience managing the following tools: ArcSight (SIEM),Fortinet (IDS/IPS), Credant (Encryption), Symantec (Enterprise AV),Websense (enterprise DLP) Skills or Special Abilities: Must possess a thorough understanding of security issues andproblems related to the access of data, software, hardware, network andfacilities.Must be able to facilitate discussions with users from businessand technical areas and understand their unique perspective withrespect to security and document their requirements in a businesslanguage. Must have the ability to perform complex research in order todetermine industry standard products and solutions in response tosecurity requirements. Must have the ability to formulate business solutions as well astechnical solutions at a conceptual level and recognize theimplications of such solutions on the business. Must be able to examine existing processes, manual and automated,and recommend alternative solutions in concert with technicalindividuals. Must possess a good understanding of the systems development life cycle methodology. Must have the ability to develop project plans, organize andmonitor tasks, and be able to produce quality results in a timelymanner. Must be able to perform technical risk assessments and implementcorrective actions in regard to the safeguard of information systems. Must be able to independently implement and maintain complex information security tools. Must have superior writing skills and the ability to communicate effectively. Must have excellent documentation skills. Certification/Registration/Licensure: Certifications from Security organizations and vendors offering security products are desirable.
Apply to this job