Information Security Engineer

How will you impact First Command?

An Information Security Engineer assists in safeguarding our organization's sensitive data, computer networks, and systems. They aid in the planning and execution of security measures to monitor and protect sensitive data and systems from exfiltration, infiltration, and cyber-attacks.

What will you be doing? 

• Monitor areas of responsibility to prevent, detect, and investigate security alerts and when appropriate, escalate to Senior Engineer
• Assist with Data Loss Prevention and data centric methodology, configuration, and enhancement
• Assist with correlating and enhancing log management and Security Information and Event Management (SIEM)
•   Assist in the remediation of issued identified by vulnerability and penetration testing
• Maintains documentation for all aspects of the vulnerability management program, including but not limited to results, schedules, SLAs, and ticketing
• Assists in reviewing and improving on all annual security training initiatives
• Coordinates, facilitates, and maintains the schedule for access reviews
• Provide security guidance and troubleshooting security issues as required
• Manage and improve Information Security documentation as required
• Deliver appropriate and accurate metrics to management
• Participates as a key member of the Information Security
• Identifies and assists in the planning and management of Information Security protection initiatives and projects
• Stay up to date on new information technologies and apply those innovations in the company's security standards and best practices
• Collaborate with team members as well as other business functions, business partners, management, vendors, and external parties for information gathering and best practice recommendations
• Conduct and report on vendor reviews
• Anticipate future problem areas by monitoring workflows and network traffic patterns
• Conducts security reviews, evaluations, risk assessments, and develops recommendations for improvements as appropriate
• Team specific and organization-wide knowledge sharing

What skills/qualifications do you need? 

Education

• Bachelor's degree in computer science, Information Technology, or an Engineering related field, or equivalent experience

Work Experience

• Minimum 2 years' experience working in an IT Security capacity
• Experience with Information Security policy design
• Experience with data loss prevention tools and techniques
• Experience with conducting, interpreting, and reporting on data loss prevention configuration alerts
• Experience with vulnerability and penetration testing tools and techniques
• Experience with conducting, interpreting, and reporting on vulnerability and penetration tests
• Experience participating in security audits
• Experience with monitoring for security events, evaluating and responding where appropriate

Certifications

• Relevant Security certification(s) recommended: CompTIA Security+
• Relevant Security certification(s) not required but a plus: CISSP, Microsoft Certified Systems Administrator: Security, CCSP, CCNA, and CCNP: Security

Required Knowledge, Skills and Abilities

• Diligence in producing and maintaining documentation and evidence, especially for compliance activities
• Working knowledge of ISO, NIST, and other Information Security standards, laws, and regulations
• Possess strong analytical skills
• Must be a self-starter and comfortable with self-directed learning on industry risks and changes
• Must be able to perform risk analysis and provide recommendation to mitigate risk
• Good oral and written communication skills
• Ability to speak confidently when dealing with internal constituents
• Identifying problems and reviewing related information to develop and evaluate options and implement solutions
• Build domain knowledge of our environment to understand long-term risk areas that will develop as the systems evolve
• Incorporate industry security standards into practical security operations, network operations, and application development practices
• Analyzes business impact and exposure, based on emerging security threats, vulnerabilities and risks

#LI-NC1