JM Family Enterprises Information Security Engineer in Deerfield Beach, Florida
Information Security Engineer
FL - Deerfield Beach
JM Family Enterprises, Inc.
The Information Security Engineer will report directly to the Security Operations Manager and support the CISO to provide the highest quality of information assurance program to our business units and customers. The Information Security Engineer will develop
and implement security processes and solutions, including the ongoing assessment and compliance to required security guidelines across the enterprise computing environment to ensure enterprise security by protecting system boundaries, keeping computer systems
and network devices hardened against attacks and securing highly sensitive data. Qualified candidates will have a background in security or systems engineering.
We are looking for someone with a strong background in information security and a proven ability to deliver under pressure and meet deadlines
Desired Skills & Experience/ Key Responsibilities
- Must be able to perform hands-on support for a wide range of security technologies including, but not limited to: SIEM, IDS/IPS, HIDS, malware analysis and protection, content filtering, logical access controls, identity and access management, data loss
prevention, content filtering technologies, Next-gen firewalls (Palo Alto), vulnerability scanners, LDAP, forensics software, and security incident response.
Engineer, implement and monitor security measures for the protection of computer systems, networks and information
Identify and define system security requirements
Design computer security architecture and develop detailed cyber security designs in support of the Information Security Architect
Develop technical solutions and implement new security tools to help mitigate security vulnerabilities and automate repeatable tasks
Administer network and computing systems that enforce security policies and audit controls in a MS Windows environment
Prepare and document standard operating procedures and protocols
Configure and troubleshoot security infrastructure systems
Ensure that the company knows as much as possible, as quickly as possible about security incidents
Write comprehensive reports including assessment-based findings, outcomes and propositions for further system security enhancement
Review and assess the security configuration of clients, servers, and databases. Co-develops standard security configuration documents to ensure the effective use of system and application logs, to detect anomalous behavior and ensure compliance with policy
and regulatory requirements supporting NIST framework, SSAE16, and ISO 27001
Support risk assessments, penetration tests and diagnose internet/extranet security, intrusion attempts, and cyber-crime response
Assist in responses to external audits, penetration tests and vulnerability assessments
Recommend and coordinate the application of fixes, patches, disaster recovery procedures in the event of a security breach
Research emerging technologies in support of security enhancement and development efforts
Perform project leadership tasks on select security projects
Perform other essential duties as assigned
Five years experience required in an Information Security role, with direct responsibilities reviewing and escalating security incidents and handling triage of said incidents.
Extensive experience managing vulnerability and threat management programs & technologies.
High level of competence securing web servers including IIS and Apache.
Experience securing Windows, Linux/UNIX OS environments. Experience with z/OS mainframes and/or other operating systems a plus.
Ability to analyze malware activity and identify and isolate impacts within a system.
Experience providing guidance to operational areas for mitigation of web application vulnerabilities primarily focusing on OWASP top ten.
Experience managing Web Application Firewalls WAF’s
Experience with Active Directory and federated identity technologies such as ADFS, OAuth and SAML.
Strong understanding of TCP/IP and web application protocols as related to a layered defense approach.
Understanding of web services, security standards and security testing principles, tools and techniques to include tools such as QRadar, Qualys, Nessus, Burp Proxy, Sandboxing tools and other security testing tools
Knowledge of encryption technologies as they pertain to server, desktop, mobile computing and cloud computing platforms.
Ability to plan and prioritize a varied workload working with multiple departments within the organization.
Excellent project management skills, including ability to create and maintain security project plans, schedules, metrics and progress reports/presentations.
Experience working with change management principles and operations.
Experience with compliance audit requirements for security access and administration functions, including internal audit efforts and industry standard audits such as SSAE16 or PCI-DSS.
General understanding of security and privacy-related regulations.
Ability to work effectively with technical and non-technical personnel in a cross-functional setting.
Experience with creation of departmental procedural documentation to support applications and processes.
Ability to relate security principles and processes to business and organizational value.
Proficient knowledge of the Microsoft Office suite required including creation of PowerPoint’s and Visio diagrams
Strong written and verbal communication skills required.
CISSP, CEH, and GCIA certifications preferred.