Information Security Engineer

The Information Security Engineer identifies information security risks and defines and implements technical solutions to mitigate or lessen those risks. This position will lead the implementation of key information security initiatives. Responsibilities include ensuring compliance with corporate information security policies and enforcing implementation of the firm's security architecture. This includes the auditing and safeguarding of all computer platforms, data and networking components within the corporation, oversight of the security configuration and monitoring.
Responsibilities Include

• Design, implement and configure security applications and infrastructure to support corporate policies, federal and state security regulations.

• Be an information security Subject Matter Expert; assisting application and system development teams to configure and deploy systems and applications in a secure manner.
• SIEM implementation and support, vulnerability management, IDS/IPS management, DB Security, O/S security, etc.
• Plan and conduct infrastructure security assessments of all layers of the information system including networking, servers, operating systems, databases and applications.
• Implement new technologies as required to support the ever changing security landscape.

• Maintains close liaison with other departments on technical matters and may work closely with vendors or customers on technical information, handling escalation issues, or modifications related to projects.
• Serve as technical lead on security projects.
• Support the security needs of our national network of geographically dispersed financial advisor offices.
• Responsible in part for maintaining our firewall infrastructure.

Qualifications

• Bachelor's degree in a technical discipline or equivalent work experience.
• 5+ years in an Information Security role.
• Familiarity with Check Point firewall technology including Provider-1/Multi Domain Management, VSX, SSL VPN using mobile access, and other checkpoint blade technology.
• In depth knowledge of the design and implementation of IDS/IPS solutions, VPNs, SSL, Endpoint Security solutions, and web filtering.
• Extensive experience in the design and implementation of Log management and SIEM solutions.
• Experience documenting technology standards, operational procedures, and other technical documentation.
• Experience with Incident Response strategies and forensics.
• Experience with Linux operating system
• Familiarity with risk assessment; knowledge of IT risk management concepts.
• Familiarity and experience with US laws and regulations such as GLBA, Massachusetts 201 CMR 17.00 and FISMA.
• Familiarity with NIST 800-53, ISO 270001 standards.
• Excellent oral and written communication skills.
• Excellent customer service skills.
• Leadership skills and the ability to unify and empower multiple groups to achieve the same goal.
• Ability to interact with technical staff across multiple systems and disciplines-High degree of self-sufficiency, ownership, and pride of deliverables.
• Scripting or programming experience is a plus
• ITIL and ITSM background is a plus.
• CISSP or GIAC required, other certifications a plus.