IT Security Engineer

Location: Grapevine, TX, United States
Date Posted: 01-25-2019
SCOPE OF POSITION: The IT Security Engineer will be responsible for leading or supporting activities related to the Enterprise Privacy and Information Security program.  Specifically, this individual will act according to direction provided by the Sr. Manager, Information Security, Data and Privacy in connection with providing research, design, implementation, and daily operational support related to the following key areas of concern: 
 
Cloud Security
Identity and Access Management
Business Continuity / Disaster Recovery
Application Security
Infrastructure Security
Endpoint and Mobile Device Security
3rd Party Risk Assessment 
 
KEY RESPONSIBILITIES: The IT Security Engineer will be tasked with the following responsibilities/duties, all in accordance with applicable Federal, State and local laws / regulations as well as ratified policies, procedures, and guidelines: 
  • Developing and carrying out information security plans and policies.
  • Developing strategies to respond to and recover from a security breach.
  • Developing or implementing open-source/third-party tools to assist in detection, prevention and analysis of security threats.
  • Presenting awareness training of the workforce on information security standards, policies and best practices.
  • Implementing robust/scalable protection solutions related to the specific InfoSec needs of KCC.
  • Installing and managing use of firewalls, data encryption, and other security products and procedures.
  • Conducting periodic internal network scans to find and mitigate existing vulnerabilities
  • Conducting (or overseeing/parsing results of) mandated penetration testing on an annual basis.
  • Investigating possible data security events/incidents.
  • Leading Incident Response, including steps to minimize the impact of an InfoSec event or incident and being prepared to conduct full-scale post-breach response/recovery activities if necessary. 
 
EDUCATION, CERTIFICATIONS, AND TRAINING: 
  • Bachelor’s degree or equivalent work experience required. 
  • Minimum of 7 years of relevant experience in consumer finance and manufacturing environments preferred. 
  • Minimum of 10 years in IT Operations and / or Security roles. 
  • Relevant technical certifications (such as a CISSP, CRISC, SSCP, CompTIA Security+, CASP, CCNA Security, GIAC , GSEC, ) are desirable or willingness to obtain relevant certification within 1 year of employment would be ideal. 
 
SKILLS AND BACKGROUND: 
 
  • Familiarity with industry frameworks and standards, such as ISO 27002, NIST-SP, COBIT and SSAE18, etc.
  • Working knowledge of network infrastructure and security monitoring tools
  • Experience with network penetration testing and remediation
  • Experience with Sarbanes Oxley (SOX) ITGC controls
  • Experience configuring web security appliances in accordance with company security policies
  • Ability to scope and perform risk assessments
  • Experience with 3rd party management and vendor risk assessments
  • Experience with SIEM technologies
  • Experience with Managed Security Service vendors and technology
  • General knowledge of cloud computing infrastructure and security
  • Ability to work independently and solve problems as they arise
  • Ability to handle confidential and sensitive information with integrity 
  • Ability to continuously learn new technologies
  • Excellent verbal and written communications skills 
this job portal is powered by CATS