Senior Information Security Engineer Job Description
Senior Information Security Engineer Duties & Responsibilities
To write an effective senior information security engineer job description, begin by listing detailed duties, responsibilities and expectations. We have included senior information security engineer job description templates that you can modify and use.
Sample responsibilities for this position include:
Senior Information Security Engineer Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Senior Information Security Engineer
List any licenses or certifications required by the position: CISSP, GIAC, CISA, CCSP, CEH, SSL, CASP, CISM, SANS, PNSE
Education for Senior Information Security Engineer
Typically a job would require a certain level of education.
Employers hiring for the senior information security engineer job most commonly would prefer for their future employee to have a relevant degree such as Bachelor's and Primary Degree in Engineering, Technical, Science, Computer Science, Information Security, Information Technology, Technology, Management, Computer, Information Assurance
Skills for Senior Information Security Engineer
Desired skills for senior information security engineer include:
Desired experience for senior information security engineer includes:
Senior Information Security Engineer Examples
Senior Information Security Engineer Job Description
- Participate in compliance other responsibilities including
- Correlate and tune network, system, and application devices for security events
- Evaluate, plan, document, and implement new security tools within our environments
- Perform routine audits to ensure compliance with security policies and other industry standards
- Perform vulnerability assessments, security control checks, and reporting
- Research and evaluate the latest security products to combat the latest threats
- Understands current computer technologies and technical security requirements as applied to the design, development, evaluation, and integration of computer systems and networks to sustain compliance with national and corporate policy best practices
- Install and use software
- Lead technical and forensic investigation into how the incident/breach occurred and the extent of the damage
- Perform source code review and penetration testing of both new and existing applications
- Experience with various forms of virtualization technology
- BS Degree in Computer Science, Information Technology, Telecommunications, or Electrical Engineering, or equivalent work experience
- Must have hands on working knowledge of UNIX/AIX, Microsoft NT/200X, firewall multi-layer design and implementation, router access list/packet filtering (Cisco), WANs, LANs, the Internet, Intranets, network protocols and network services (e.g., Telnet, FTP, ), intrusion detection systems, Virtual Private Network (VPN), RSA SecureID, Enterprise Security management tools, security assessment software
- Must possess a basic understanding of ISO 27002 and IT audit frameworks including PCI-DSS 2.0, COBIT and COSO, OWASP
- Ability to consult internally with Sr
- Evaluation & assessment of compliance to a regulation, law or policy using industry standard methodologies (ISO27001, COBIT, NIST, ) in an enterprise environment
Senior Information Security Engineer Job Description
- Prepares and maintains detailed documentation on all physical and logical security configurations
- Initiates and leads the Computer Security Incident Response process according to organizational incident handling policies
- Performs analysis of the organization's network and systems security, monitoring, and alerting needs and contributes to design of network and system architecture
- Researches latest security exploits, vulnerabilities, and attack vectors, determines the risk they post to the business, and suggests methods to protect against them
- Handles escalated support requests and further escalates when needed
- Responsible for the implementation and migration of software and hardware security upgrades and patches
- Ensures security infrastructure processes, concepts, and maintenance are incorporated into systems, software, and hardware platforms in accordance with approved internal standards
- Provides technical input to projects along with implementation support to network services and infrastructure design teams
- Performs maintenance of security infrastructure to include updates and patching of software and hardware
- Maintains a comprehensive and in depth, component level understanding of all IT systems, data flows, applications, technologies, security controls, threats, weaknesses and countermeasures
- Takes advantage of available resources to complete work efficiently
- Performs independently
- Oversees project completion of less experienced team members
- High passion for Security and Availability
- Linux/UNIX Engineer or developer
- Distributed development of Highly Available and Highly Scalable systems
Senior Information Security Engineer Job Description
- Monitor security newsgroups, mailing lists, web sites, and other similar resources to stay informed of new security threats and emerging technologies
- Work with the SOC to support and respond to security technology needs
- Maintain well organized technology diagrams (network, rack, architecture, dataflow) and system inventories
- Provide system administration for the global security technology stack
- Lead discussions related to the architecture and engineering of security technologies that support the SOC
- Collaborate with the infrastructure teams
- Design, update, and maintain standard operating procedures for security system administration
- Troubleshoot technology issues
- Manage service request queues
- Partner with vendors to maintain and enhance security technologies
- Subject Matter Expert (SME) level knowledge of vulnerability management solutions OpenVAS and Rapid7 installation, configuration, administration, and troubleshooting
- Knowledge of scripting languages such as Perl, Python, Bash
- Familiar with log management and SIEM solutions
- Knowledge of PCI, SOX 404, Safe Harbor, and other regulations/standards
- CISSP and/or CISA Certifications preferred
- Must have 2+ years of direct experience with modern DLP solutions
Senior Information Security Engineer Job Description
- Assesses risks based on changes to implementation of ISO(International Organization for Standardization)/BSO(Business Services Online)
- Creates cost effective solutions for system/application development regarding Information Security processes and concepts in applicable systems and software
- Performs day-to-day Information Security functions pertaining to computer access control on numerous security software products and processes
- Enhance understanding of business objectives and helps providing direction based on risk, Corporate Policy, and association and regulatory guidelines
- Participates in developing long term strategies for conducting system penetration, vulnerability and web application testing, risk assessments, policy creation
- Lead technical information security assessments on vendor solutions providers to accurately reflect associated organizational risk
- Analyze, review, monitor, and reassess the adequacy of information security provisions in vendor and customer contracts
- Lead vendor assessment and risk monitoring by populating an existing GRC tool with assessment results
- Execute technical risk assessments using NIST SP 800-30 methodology against a variety of organization units, entities, business units, technologies, data centers, Summarize and present residual risks identified from assessments for an executive-level audience
- Perform security audits, internal security assessments, risk assessments, and support the management of independent external security audits
- Maintain a professional certification as a Certified Information Systems Security Professional (CISSP)
- Strong working knowledge of infrastructure technologies such as Windows and Linux operating systems
- Candidate must process a CISSP or equivalent IA certification, Security+CE, RHEL 6 System Administration, MCSA, or other equivalent certification
- Possess security certifications (CISSP, CCNA, ) and/or top secret security clearance
- Possess security certifications (CISSP, CCNA)
- Knowledge of IEC 62443 policies
Senior Information Security Engineer Job Description
- This position shares in responsibility for information security by following all applicable security policies and procedures
- This position is authorized to use elevated privilege accounts in the performance of job duties
- This position is authorized to handle sensitive or confidential data in accordance with established procedures in the performance of job duties
- This position has access to systems providing account and access provisioning
- This position is authorized to issue password resets in accordance with established procedures in the performance of job duties
- This position is authorized to manage, provision, and deprovision IT assets in accordance with established procedures in the performance of job duties
- Builds relationship and partners with member of IT Security and Risk Management, Enterprise Architecture, Network Engineering, Security Operations and with functional areas across IT and the business to raise and support the security posture of the company
- Designs, tests and deploys IT security systems and solutions
- Review applicable security support models and identifies opportunities for continued process improvement
- Monitor and review requests for change to assure they do not introduce any security and/or compliance risks to the enterprise and meet security requirements, guidelines and compliance requirements
- Demonstrated experience with common penetration testing and vulnerability assessment tools such as Burp Suite Professional, SQL Map, Metasploit, AppScan
- Experience in the use of source code analysis tools such as Fortify
- Extensive experience reviewing source code and assisting developers in closing vulnerabilities
- Understanding of security vulnerabilities (i.e., SQL Injection, XSS, buffer overflows) emerging platform vulnerabilities
- Experience with Enterprise Java web application frameworks, including Struts and Spring
- Intermediate knowledge of web frameworks, including XML, SOAP, REST,J2EE, JSON and Ajax