Skill: The Senior Enterprise Security Engineer is a senior level position responsible for ensuring the corporate sensitive information, systems LAN, WAN, Internet and data are protected according to organization’s information security policies, procedures and standards.
The Enterprise Security Engineer III is responsible for assisting in the establishment, development, design, recommendation and implementation of a security framework that encompasses mainframe, distributed systems, Cloud, network, web applications for current and new systems. The Enterprise Security Engineer III works multiple teams in the organization spread across Systems Development, Operations, Office of compliance, Vendor partners and affiliate security representatives to coordinate and/or lead security architecture activities across the enterprise.
The Enterprise Security Engineer III will evaluate new security alerts, threats and vulnerabilities. Will lead staff in remediation efforts and will act as incident leader as required and as appropriate. Be willing to respond promptly to security problems reported to Information Security organization
Experience: • Five plus years of experience with Intrusion Detection and/or prevention systems. Experience with wireless security mechanisms and technologies.
• College Degree in Computer Science, Engineering, related field or equivalent experience. CISSP, CCNA certifications are preferred.
• Seven plus years minimum experience, including at least five years as a Senior level security member of a large organization managing and/or designing large scale security architecture.
• Required skills in network analysis, L2/L3 firewalls, routing, switching, IDS/IPS, Layer7 Web Application Firewalls (WAF) (F ASM), Spyware/Malware, IPsec, SSL, and web application scanning tools (WebInspect, AppScan)
• Previous experience in Web development, web proxy and familiarity with OWASP frame work desired.
• Understanding of security principles in a large organization is required.
• Experienced in the development and implementation of security policies is required.
• Very experienced in network security, demonstrated knowledge of application layer security API*s and protocols such as SSL, Kerberos.
• Demonstrated knowledge of firewalls, routing, switching, IDS/IPS authentication and authorization systems.
• Strong verbal and written communication skills, with the ability to prepare various forms of reports, correspondence and presentations.
• Able to work in a fast-paced, high-pressure environment and lead junior staff as required.
• Knowledge of HIPAA privacy rules and regulations.