JM Family Enterprises Information Security Engineer in Deerfield Beach, Florida

Requisition Number

17-0541

Post Date

10/3/2017

Title

Information Security Engineer

Location

FL - Deerfield Beach

Alternate Location

JM Family Enterprises, Inc.

Description

The Information Security Engineer will report directly to the Security Operations Manager and support the CISO to provide the highest quality of information assurance program to our business units and customers. The Information Security Engineer will develop

and implement security processes and solutions, including the ongoing assessment and compliance to required security guidelines across the enterprise computing environment to ensure enterprise security by protecting system boundaries, keeping computer systems

and network devices hardened against attacks and securing highly sensitive data. Qualified candidates will have a background in security or systems engineering.

We are looking for someone with a strong background in information security and a proven ability to deliver under pressure and meet deadlines

Desired Skills & Experience/ Key Responsibilities

  • Must be able to perform hands-on support for a wide range of security technologies including, but not limited to: SIEM, IDS/IPS, HIDS, malware analysis and protection, content filtering, logical access controls, identity and access management, data loss

prevention, content filtering technologies, Next-gen firewalls (Palo Alto), vulnerability scanners, LDAP, forensics software, and security incident response.

  • Engineer, implement and monitor security measures for the protection of computer systems, networks and information

  • Identify and define system security requirements

  • Design computer security architecture and develop detailed cyber security designs in support of the Information Security Architect

  • Develop technical solutions and implement new security tools to help mitigate security vulnerabilities and automate repeatable tasks

  • Administer network and computing systems that enforce security policies and audit controls in a MS Windows environment

  • Prepare and document standard operating procedures and protocols

  • Configure and troubleshoot security infrastructure systems

  • Ensure that the company knows as much as possible, as quickly as possible about security incidents

  • Write comprehensive reports including assessment-based findings, outcomes and propositions for further system security enhancement

  • Review and assess the security configuration of clients, servers, and databases. Co-develops standard security configuration documents to ensure the effective use of system and application logs, to detect anomalous behavior and ensure compliance with policy

and regulatory requirements supporting NIST framework, SSAE16, and ISO 27001

  • Support risk assessments, penetration tests and diagnose internet/extranet security, intrusion attempts, and cyber-crime response

  • Assist in responses to external audits, penetration tests and vulnerability assessments

  • Recommend and coordinate the application of fixes, patches, disaster recovery procedures in the event of a security breach

  • Research emerging technologies in support of security enhancement and development efforts

  • Perform project leadership tasks on select security projects

  • Perform other essential duties as assigned

Requirements

  • Five years experience required in an Information Security role, with direct responsibilities reviewing and escalating security incidents and handling triage of said incidents.

  • Extensive experience managing vulnerability and threat management programs & technologies.

  • High level of competence securing web servers including IIS and Apache.

  • Experience securing Windows, Linux/UNIX OS environments. Experience with z/OS mainframes and/or other operating systems a plus.

  • Ability to analyze malware activity and identify and isolate impacts within a system.

  • Experience providing guidance to operational areas for mitigation of web application vulnerabilities primarily focusing on OWASP top ten.

  • Experience managing Web Application Firewalls WAF’s

  • Experience with Active Directory and federated identity technologies such as ADFS, OAuth and SAML.

  • Strong understanding of TCP/IP and web application protocols as related to a layered defense approach.

  • Understanding of web services, security standards and security testing principles, tools and techniques to include tools such as QRadar, Qualys, Nessus, Burp Proxy, Sandboxing tools and other security testing tools

  • Knowledge of encryption technologies as they pertain to server, desktop, mobile computing and cloud computing platforms.

  • Ability to plan and prioritize a varied workload working with multiple departments within the organization.

  • Excellent project management skills, including ability to create and maintain security project plans, schedules, metrics and progress reports/presentations.

  • Experience working with change management principles and operations.

  • Experience with compliance audit requirements for security access and administration functions, including internal audit efforts and industry standard audits such as SSAE16 or PCI-DSS.

  • General understanding of security and privacy-related regulations.

  • Ability to work effectively with technical and non-technical personnel in a cross-functional setting.

  • Experience with creation of departmental procedural documentation to support applications and processes.

  • Ability to relate security principles and processes to business and organizational value.

  • Proficient knowledge of the Microsoft Office suite required including creation of PowerPoint’s and Visio diagrams

  • Strong written and verbal communication skills required.

  • CISSP, CEH, and GCIA certifications preferred.