Job #: 1791
Title: Security Engineer
The Senior Security Engineer is principally responsible for researching, designing, and integrating information security solutions and controls across the global enterprise in a way that is transparent to end users, supports executive strategies, and fundamentally ensures the security of the information is entrusted to protect. The Senior Security Engineer is responsible for conducting industry research on new and emerging security technologies in support of enhancing and maintaining evolving corporate strategies to ensure that security solutions will exhibit high levels of performance, security, scalability, maintainability, appropriate reusability and reliability upon deployment.
The Senior Security Engineer will design network security perimeter architecture, review internal and external IT projects and applications for risk and adherence to security policies, standards, and industry best practices. This position will lead and participate on multiple internal security project teams to evaluate and deploy security technologies globally and to make design recommendations for hardware/software products for the firm. Must define, document and design secure infrastructure and application architectures within the primary tenants of Availability, Integrity and Confidentiality.
The Senior Security Engineer is responsible for maintaining and updating multiple product road maps supporting the secure infrastructure framework. This position will provide thought leadership regarding solutions, designs, architecture, integration, support, strategies across the entire organization to include decision making through successful implementation while employing the highest levels of integrity. Every decision must consider both direct and indirect impacts on the global IT infrastructure.
Design, document, and deploy secure infrastructure solutions globally to enhance and evolve the security posture of the firm ensuring data integrity, availability and confidentiality of all data entrusted to protect. This includes millions invested in Next Generation Firewall architecture, anti-virus & anti-malware controls, proxy solutions, Data Loss Prevention software, whole disk and removable media device encryption, 2FA and MFA authentication, and PKI technologies.
Drive and implement key security strategies within the operating companies designed to protect thousands of applications and servers world-wide from threats. Responsible to design and implement network security architecture controls in support of hundreds of internal and external business IT projects and applications contributing to revenue growth globally. Review, assess and signoff on business projects with respect to risk and adherence to security policies, standards, and industry best practices for data protection of Company and client data. Lead project teams to include design, connectivity, and software solutions aligning security, cost, performance, and customer requirements to reach viable secure solutions.
Drive technical and strategic direction of the Information Security function across all of Companies globally. Responsible for maintaining and updating information security technology road maps through industry research, knowledge transfer, continued learning. Document and maintain comprehensive information security roadmaps and strategies with respect to process mapping, technical diagrams and schematics, standard operating procedures, and technical infrastructure documentation which results in the protection of sensitive information across thousands of applications and thousands of servers world-wide.
Partner with and provide information security expertise to the operating companies to provide guidance and direction on secure application hosting for hundreds of internal and client facing application systems. Assess applications and the associated data flow for risk to sensitive data, systems, or infrastructure. Collaboratively document security controls and application access requirements associated with hosted applications and systems.
End-to-End enterprise-wide tier III troubleshooting of network, desktop, server (hardware & software) and application performance & connectivity across the global wide area network as it relates to Information Security. Participate in or lead Computer Incident Response Teams (CIRT) as necessary by providing tier III support to mitigate active security incidents possible threatening the Global computing environment.
4-year college/university degree required
Minimum 10+ years of advanced network security architecture experience with large scale implementations spanning multiple business lines distributed globally.
Strong knowledge and experience with Next-Generation Firewalls. Experience with Cisco and Palo Alto is strongly preferred
Must have strong experience with Internet Application Hosting architectures, best practices and related technologies to effectively protect externally facing applications at the network and host levels.
Strong knowledge of WAF technologies. Experience with F5 ASM is preferred.
Strong familiarity with routing, switching, and bridging in both LAN & WAN environments.
Familiarity with common web application technologies such as .NET, Java, TAM, SSL/TLS, load-balancing, etc.
Familiar with common security controls on both Windows and Unix-based operating systems.
Good understanding of Microsoft AD and integration in to secure application hosting environments.
Strong background as a senior engineer/architect in security infrastructure and various network technologies to include devices such as firewalls, VPN, intrusion/extrusion detection, vulnerability & risk assessment tools, encryption technologies, virus/worm/malware prevention, E-business and web application technologies, Data Loss Prevention, whole disk & device encryption solutions, two-factor authentication, common Windows (desktop & server) platforms, various UNIX platforms, TCP/IP, SNMP, CGI, HTML and miscellaneous security related toolsets are all required.
Good written and verbal communication skills a must.
Must be able to quickly and succinctly architect and create technical solution documentation.
Must be a self-starter, work with limited supervision & be able to work well with others in a globally diverse IT environment.
Knowledge specifically on Cisco security platforms (i.e ASA, FirePOWER), Palo Alto, FireEye, McAfee Security Suite, and BlueCoat has a strong advantage.
Knowledge of cryptography as it relates to application and network security is a must.
Experience coding/scripting with common languages such as Java Script, Python & Perl is preferred.
CISSP certification required. Other Information Security oriented certifications a plus