Develop and maintain information security policies;
Design and implement information security policy education, training, and awareness programs;
Establish security risk matrix and framework; select security solutions to address security controls for enterprise landscape;
Partner with key business and IT leaders to develop security policies, standards, guidelines, and procedures to ensure the confidentiality, integrity, and availability of the Company’s systems and data;
Consult with business owners regarding their information security risks and responsibility in minimizing those risks.
Requirements:
5+ years of experience engineering and administering security technologies;
Thorough understanding of the life cycle of network threats, attacks, and attack vectors;
Solid knowledge on web application security risks and common attacks;
Working knowledge of IT security controls associated with firewalls, IPS/IDS, web, cryptography, network endpoints;
Experience working with vulnerability management solutions (e.g., Tenable, Qualys, Rapid7);
Experience Utilizing SIEM software, experience analyzing, investigating, and resolving events;
Understanding of endpoint security solutions including DLP and EDR;
Expertise in securing and automating one or more public cloud solutions such as AWS, GCP, and Azure;
Solid understanding of standard TCP/IP networking and common protocols like DNS and HTTP;
Ability to establish relationships to influence colleagues and to effectively communicate;
Technical documentation skills to contribute to security documentation and policies.