Security Engineer II - Janesville, United States - Data Dimensions

    Data Dimensions
    Data Dimensions Janesville, United States

    1 month ago

    Default job background
    Description
    Purpose: The Security Engineer II collaborates with the VP of Security and Compliance to ensure the company's technology assets and infrastructure are appropriately protected in compliance with our regulatory and contractual requirements.

    Essential Duties and Responsibilities:
    • Assists in carrying out the VP of Security and Compliance responsibilities in system security planning.
    • Responsible for developing and implementing company-wide Information Security systems, and Business Continuity/Disaster Recovery (BC/DR).
    • As changes occur in the existing IT system environment (e.g., expansion in network connectivity, changes to existing infrastructure, organizational policies, and introduction of new technologies), the IT Security Engineer uses the Risk Management process to identify and assess new potential risks and implement new security controls as needed to safeguard IT systems.
    • Identify, evaluate, and minimize risks to the systems that support the enterprise mission.
    • Act as consultant in support of senior management to ensure that security activities are taking place on an appropriate ongoing basis.
    • Facilitate through written policies, procedures and training the incorporation of security into all business units.
    • Facilitate the execution of appropriate BC/DR principles into all business units.
    • Ongoing project and systems integration responsibilities in coordination with departments, vendors, subcontractors, and clients.
    • Coordinates the development, review, and acceptance of system security plans with information system owners, information system administrators and users.
      • Provide ongoing support for organizations' security programs.
      • Provide ongoing support for organizations' risk management programs.
      • Facilitate the incorporation of security principles into business units.
      • Facilitates the execution of appropriate BC/DR security principles into the physical facilities.
    • Supports enterprise policies as they relate to Information Security.
      • Develop documented security policies and procedures.
      • Monitor industry standards as they relate to Information Security.
      • Publish written and electronic security policies, standards, and training.
      • Implement technical standards as they relate to policies and procedures.
      • Coordinate the audit and remediation of annual & quarterly security reviews as they relate to IT security systems.
    • Supports Compliance and Audit requirements.
      • Develop documented security audit policies to maintain required compliance.
      • Publish and deliver security policies, standards, and training.
      • Monitor technical standards as they relate to security compliance and audit requirements.
      • Coordinate the audit and remediation of annual & quarterly security audit results as they relate to IT security systems.
      • Identify and remediate facilities security issues and requirements as they relate to compliance with both industry and client standards.
    • Supports Business Continuance & Disaster Recovery initiatives and maintenance.
      • Implement and provide ongoing administrative support of the BC/DR Framework.
      • Facilitate implementation of appropriate BC/DR principles in physical facilities.
    • Agrees and adheres to Data Dimensions code of professional ethical conduct.
    • Support the work of, and perform in the absence of, Security Engineer duties.
    • Required to attend mandatory meetings and trainings, work scheduled overtime with minimal notice, and perform other duties as assigned per business needs.
    Qualification Requirements –

    To perform the job successfully, an individual should demonstrate the following:
    • Must be at least 18 years of age.
    • Able to read, write and speak English.
    • Successfully pass and maintain acceptable background checks and security clearances.
    • Bachelor's degree in Computer Science or related discipline from an accredited college or university and 3–5 years overall experience in hands on technology role; 1–3 years direct experience in an Information Security engineering role. In lieu of Bachelor's degree 5-7 years related experience may be considered.
    • Strong written & verbal communication skills.
    • Experience with architecting, designing, and building IT security solutions.
    • Expert time management skills.
    • Knowledge of industry standards related to FISMA/DoD, HIPAA, Sarbanes-Oxley, and PCI.
    • Knowledge and experience with Disaster Recovery methodology and best practices.
    • Knowledge of networking systems including firewalls, routers, switches, and IDPS systems.
    • Understanding of control implementation against frameworks such as NIST and ISO to meet compliance requirements.
    • Working understanding of OWASP.
    • Possess professional qualifications, including training and experience, required to develop and review system security plans.
    Certificates and Licenses:
    • CISSP
    • CISM, CEH, CPT, MCSE, NSE are highly desirable
    Computer Skills:
    • Experience with IDS/IPS technologies, firewall technologies (Palo Alto highly desired), anti-malware systems and advanced end-point protection, Windows Server, and Active Directory technologies, DAST & SAST technologies, cloud or premise based SIEM technologies.
    • Experience using scanning technologies such as Alert Logic, NESSUS.
    • Working knowledge of encryption and associated technology and knowledge of systems development in a .Net stack.
    • Experience with Microsoft Office Professional Suite, Altassian JIRA and Confluence project management software.
    Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities

    The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR c)