The Security Engineer will play a critical role in leading implementation and administration of security solutions, information security practices and procedures to ensure systems are secure.
Essential Duties and Responsibilities:
- Create and maintain documentation in relation to security policies, processes and procedures.
- Assist in audits and ensure security controls are in place and effective.
- Implement and administration of Vulnerability Management and Patch Management Program.
- Implement, upgrade and monitor security tools deployed throughout the organization.
- Implement and administration of Privilege Management (Azure PIM, PAM solutions)
- Hands on with security and monitoring systems including logging (SIEM), IDS/IPS, EDR, Email Security Gateway and others.
- Serve as the lead for incidents and manage the Incident Response program.
- Research and evaluate security products and capabilities pertinent to securing the infrastructure of the company.
- Administration of the Security awareness program (KnowBe4, Cofense, ProofPoint or etc.)
- Work with members of IT department and third parties to provide Security monitoring and/or management services.
What you bring to the Team:
- A minimum of 7+ years of IT experience, include 4+ years in IT security.
- A bachelor’s degree
- Exposure to Windows, Linux, MacOS and Network Security
- Administration of Vulnerability and Patch Management Tools (InsightVM, Nessus, Qualys, Ivanti and etc.)
- Administration of Endpoint management and SIEM tools (Microsoft Intune, Ivanti, InsightIDR, Splunk, or etc.)
- Knowledge and implementation of hardening benchmarks (i.e., CIS benchmarks) for (Microsoft OS, MacOS, Office365, Azure, Network devices etc.)
- Exposure and knowledge of Cyber Security Frameworks (NIST, CIS Controls, OWASP)
- A demonstrated knowledge and administration of IT Security Tools (Network Monitoring / Security, EDR, Log Management / Analysis, Vulnerability Scanners, Firewalls, etc.) and extensive knowledge of IT Security Concepts
- Experience with Office365 and Microsoft Azure security tools and technologies
- Experience with implementation of CIS Top 20 Controls
- Information Security certification (CISA, CISSP, GSEC, or etc.)
- Experience with ERP security for audit and compliance purposes