The candidate for this position should be capable of providing design, implementation, maintenance and troubleshooting functions for the security of physical and virtual information networks, systems, applications, and peripheral devices in support of the firm's Cyber Security operations.
This position requires close coordination with team leads, and across multiple domains to understand technical requirements and ensure solution designs meet long term business needs.
- Design network devices, optimize firewalls policies and operating systems for secure builds in data center and/or cloud server security technical Implementation
- Identify security issues for remediation, provide background context, and assist with implementation of counter-measures or mitigating controls
- Support projects with:
- installing and operating cybersecurity tools
- scanning and providing residual risk statements for hosted systems
- managing user access or network access devices and connections
- Operate and maintain cybersecurity tools
- Perform periodic and on-demand system audits and vulnerability assessments, including user accounts, application access, file system and external web integrity scans to determine vulnerabilities and compliance risk
- Research, evaluate, and recommend new security tools, techniques, and technologies for introduction in alignment with our overall IT strategy
- Define the firm's Cyber Security policies based on strong knowledge of industry best practices and IT security frameworks; Collaborate well with external information security service providers
- Maintain up-to-date knowledge of technology standards, industry trends, emerging technologies, and best practices
- Ensure technical issues are quickly resolved and help implement strategies and solutions to reduce the likelihood of recurrence; Provide guidance to other team members.
- Bachelor’s degree in Computer Science, Engineering or relevant field experience
- 8 + years' experience as an information security professional with advanced experience developing, documenting, and driving adoption of information security standards and procedures
- 4 years of advanced knowledge of security standards and frameworks
- 4 years of experience implementing and executing security incident response
- Cloud, CISCO security or other highly desired: CISSP, GIAC, CEH, Security+ or related security certifications a major plus
- Qualified applicants should have hands-on experience across a broad spectrum of data security disciplines. Including Microsoft networking solutions and infrastructure and intrusion detection and prevention. Strong background with firewall products, IDS, DMZ, IPSec, DNS, SMTP, HTTP proxies, etc.
- Knowledge of security best practices across multiple platforms
- Experience with Agile frameworks such as Scrum and Agile tools
- Knowledge of public-key cryptography, understanding of encoding, Data classification encryption, and hashing techniques
- Must have strong leadership skills, providing project leadership as needed, as well as excellent written and verbal communication skills.
- The ability to work on a team and independently on complex tasks with minimal technical and management guidance is required
- Must be able to meet deadlines and deliver status updates to project team on a frequent basis.