DrFirst

Returning Candidate?

Information Security Engineer

Information Security Engineer

Job ID 
2017-1037
# of Openings 
1
Job Locations 
US-MD-Rockville
Posted Date 
4/30/2017
Category 
IT Security

More information about this job

Overview

The Information Security Engineer will be on the Information Security team and focus on handling Vulnerability Management, Issue Management, Incident Response and security tool management. The objective of this position is to support the Information Security department's operations with a primary focus on managing security tools, finding, analyzing, and tracking vulnerabilities and security issues to remediation.

The successful candidate must have in-depth knowledge of information security and vulnerability management. High level communication skills are essential to successfully translate technology and requirements into business terms.

This role lies within the Information Security function, reporting to the Information Security Manager, but is closely aligned with other corporate functions such as Human Resources, Compliance and Information Technology, and may involve liaison with third party suppliers of awareness and training materials and services.

Responsibilities

Incident response
SPAM and Phishing email handling
Operate and improve the end-to-end vulnerability management process, including aspects of asset inventory, contextual approach to scanning, conducting risk and vulnerability assessment, and providing reporting and remediation guidance.
Provide in-depth analysis of vulnerabilities and related impact to stakeholders.
Lead regular meetings with stakeholders to coordinate remediation efforts and clarify ownership.
Influence stakeholders to prioritize risk treatment for identified vulnerabilities.
Provide security reviews of change management tickets submitted by the organization to ensure remediation efforts are acted upon in a timely manner.
Serve as the subject matter expert for threat and vulnerability processes.
Assist with associated incident response, security administration, and security monitoring initiatives as requested.

Qualifications

Bachelor’s degree in related field
A minimum of 5 years experience in IT and information security, 2 of which must be in information security
Experience as a system administrator
Self-motivated, detail-oriented professional
Excellent communication, facilitation, and writing skills
Strong knowledge in a scripting language such as Perl or Python
Experience using JIRA is preferred but not required
Experience with security tools, including: vulnerability management tools such as Nessus, Qualys, Symantec Endpoint Protection, Veracode, IBM Appscan, nmap, metasploit, core impact
Expert understanding of operating systems (Windows, Linux, Mac, iOS/Android)
Expert understanding of Active Directory and windows user management
Experience with, and understanding of, the healthcare industry is preferred
Demonstrated ability to develop and report on metrics
Excellent communication, facilitation, and writing skills
Strong understanding of networks and network architecture
Any of the following certifications preferred: CEH, CISSP, Security+, CompTIA