Under the direction of the Information Security Manager, the Information Security Professional is responsible for architecture, design, implementation, integration, administration and maintenance of enterprise security solutions. This includes, but is not limited to network, systems, endpoint, mobile, email, identity access management, cloud and application security technologies. You will be working with emerging technologies to solve challenging security problems in a fast-paced and continuously evolving environment, while helping steer the direction and evolution of the team.
The Information Security Professional will be required to participate in incident response to support the production support where and when appropriate. Extensive contact with internal customers, other information technology (IT) professionals, and vendors is required to identify, research, analyze, and resolve complex security issues and problems
· Primary subject matter expert, support and central point of contact for security solutions.
· Technical lead with the ability to mentor other members on the team
· Collaborate with and provide information security consulting to projects and initiatives.
· Forward thinking to identify upcoming trends and security best practices on the network.
· Lead implementation efforts of security initiatives and resolutions of any findings from internal or external assessments
· Ensure enterprise security standards are in place
· Produces and maintains current description and documentation of policy configuration, including tracking and documenting any changes to policies.
· Analyzes performance trends to optimize existing security controls.
· Improves security operations by automating administration tasks wherever possible.
· At-least 2 years of experience in Security Architect
· At-least 4 years of experience in Security Analyst
· ISC2 (CISSP, CCSP, ISSAP), SANS GIAC (GCCC, GCIA, GCFA, GMON, GCIH, GPEN, GREM, GXPN), Offensive Security (OCSP, OSCE) or other security vendor certification highly desirable.
· Experience with next generation firewall, web filtering, IPS, VPN, WAF solutions
· Experience with anti-malware, endpoint detection response (EDR), host-based intrusion detection (HIDS), host-based firewall solutions
· Experience with email protection gateway, WAF, event monitoring, SIEM
· Knowledge of web application security, secure development lifecycle (SDLC), OWASP and penetration testing
· Knowledge of cloud security SaaS, PaaS, IaaS (O365, AWS, GCP)
· Knowledge of information security management system (ISMS)
· Knowledge of ISO 27001, SOC2
· Knowledge of service management frameworks (ITIL)