Job #: 805
Title: Information Security Engineer
Information Security Engineer
Use extensive knowledge and skills obtained through education and experience to evaluate business objectives, derive technical requirements and develop secure, reliable, efficient solutions for the business and work independently with general direction from management. This is an information security engineering focused position, which requires in-depth technical expertise in networking and security related technologies, architectures and systems. Be conscience of the impact of decisions and how they relate to organizational objectives and make recommendations.
Perform Information Security and Incident Response activities for the firm’s environment.
Monitor and analyze alerts to identify security issues for remediation.
Assist with implementation of the security roadmap to implement critical security controls
Ensure the integrity and protection of networks, systems, and applications by technical enforcement of organizational security policies, through monitoring of vulnerability scanning devices.
Perform periodic and on-demand system audits and vulnerability assessments, including user accounts, application access, file system and external Web integrity scans to determine security vulnerabilities.
Review and approve or deny proposed changes to the NB IT infrastructure that includes, but not limited to, firewall changes and access to NB sensitive data.
Prepare incident reports of analysis methodology and results.
Identify, extract, prioritize, and leverage intelligence from advanced persistent threat (APT) intrusions
Expand upon existing intelligence to build profiles of adversary groups
Leverage collected intelligence to improve success in defending NB against and responding to future intrusions
Manage, share, and receive intelligence on APT actors
Develop, publish, and maintain Information Security policies, procedures, standards and guidelines based on knowledge of best practices and compliance requirements.
Manage remediation plans for any gaps reported in audits or recommended process improvements.
Collaborate with IT management, the legal department, risk department, human resources, compliance, and potentially law enforcement agencies to manage security vulnerabilities or investigations.
Review client and vendor contracts and agreements for adherence to security provisions and make recommendations for language changes if needed.
Work with IT to architect a secure virtual environment.
Assist with the creation and maintenance of user security awareness materials.
Conduct security research in keeping abreast of latest security issues. Specifically surrounding areas of Cloud Computing, BYOD, and access to corporate data via mobile apps.
Assist IT teams in delivering technical solutions that empower the business and meet their needs in a secure manner.
Maintain current knowledge of relevant technology as assigned.
Perform other related duties as assigned.