back Back to Jobs

Senior Security Engineer



Location: Edina, MN
Job # 10483552
Date Posted: 02-22-2018
Senior Security Engineer
Location: Edina, MN
Contract W2 
Duration: 9+ Months
 
The Senior Security Engineer is responsible for the establishment of and assessment against Information Security architecture policies, standards and guidelines to ensure that systems are designed and built in a manner that minimizes security risk, meets regulatory requirements and ensures business needs are met. The Senior Security Engineer must be familiar with the current threat environment, how these threats can exploit known vulnerabilities and be able to provide mitigation strategies in the design and development of systems to ensure security risk (Confidentiality / Integrity / Availability) is minimized. The Senior Security Engineer also supports the Security and Privacy Officers by providing input, direction and recommendations related to the overall information security architecture.
 
The ideal candidate should be accustomed to working in a mid to large-size organization and possess the desire to cross train and perform other duties as required
 
This position requires 24 x 7 on-call rotational support.
 
Ideal candidate should be local to the twin cities areas.
 
Key Responsibilities:
  • Determines security requirements by evaluating business strategies and requirements; researching information security standards; conducting system security and vulnerability analyses and risk assessments; studying architecture/platform; identifying integration issues; preparing cost estimates.
  • Plans and designs security solutions by evaluating network and security technologies; developing requirements for local area networks (LANs), wide area networks (WANs), virtual private networks (VPNs), Cloud, routers, firewalls, and related security and network devices; designs public key infrastructures (PKIs), including use of certification authorities (CAs) and digital signatures as well as hardware and software; adhering to industry standards.
  • Supports organizational risk assessment activity including identifying security gaps in existing and proposed architectures and recommending changes or enhancements.
  • Enhances security team accomplishments and competence by planning delivery of solutions; answering technical and procedural questions for less experienced team members; teaching improved processes; mentoring team members.
  • Verifies security solutions by developing and implementing test scripts.
  • Aligns standards, frameworks and security with overall business and technology strategy.
  • Maintains security by monitoring and ensuring compliance to standards, policies, and procedures; conducting incident response analyses; developing and conducting training programs.
  • Prepares system security reports by collecting, analyzing, and summarizing data and trends.
  • Enhances department and organization reputation by accepting accountability for accomplishing new and different requests; exploring opportunities to add value to job accomplishments.
Requirements:
  • Security architecture, demonstrating solutions delivery, principles and emerging technologies - Designing and implementing security solutions. This includes continuous monitoring and making improvements to those solutions, working with an information security team.
  • Consulting and engineering in the development and design of security best practices and implementation of solid security principles across the organization, to meet business goals along with customer and regulatory requirements.
  • Security considerations of cloud computing: They include data breaches, broken authentication, hacking, account hijacking, malicious insiders, third parties, APTs, data loss and DoS attacks.
  • Identity and access management (IAM) – the framework of security policies and technologies that limit and track the access of those in an organization to sensitive technology resources.
  • Bachelor's degree in Information Technology, Computer Science, or a related discipline
  • Significant experience with securing the technology stack across all seven OSI layers.
  • Experience in a collaborative team environment, delegating workload and responsibilities
  • Experience working in an Healthcare or medical insurance environment preferred
  • Working knowledge of HIPAA security requirements desired
  • CISSP, ISSAP, ISSEP, CISM and related certifications are desired.
Competencies:
  • Extensive technical knowledge and experience in the domains of application security, and network administration and maintenance, including:
  • Protocol and technical standards including encryption, TCP/IP, SSL, S/MIME, Radius, IPSEC and PKI technology;
  • Penetration and vulnerability testing at the network, host and application levels;
  • Enterprise perimeter security, including firewall and IDS/IPS design, implementation, deployment and testing;
  • Operating system (Windows, Mac OS) security and hardening;
  • Database security including privilege control, tokenization and masking
  • Endpoint security, including encryption technologies, NAC, and related technologies.
  • Knowledge of industry standards such as: ISO27000, NIST SP 800-53, OWASP, and other standards.
  • Strong project management skills.
  • Ability to compile, analyze, and summarize data for communication.
  • Excellent interpersonal skills to effectively communicate with technical teams, cross-functional teams, and staff at all levels of the organization including both technical and non-technical personnel
  • Ability to successfully negotiate and collaborate with others of different skill sets, including both technical and non-technical personnel, backgrounds and levels within and external to the organization
  • Demonstrated ability to handle heavy multi-tasking.
  • Clear ability to complete work with minimal oversight
  • Ability to maintain current knowledge of all relevant security technology, operations, management developments and seek opportunities to deploy new technologies that benefit the organization.
  • Ability to design and develop cost effective security solutions that meet functional, technical, and performance requirements.
  • Ability to review ongoing and proposed projects to identify opportunities for reuse and process improvement.
  • Ability to review documentation to verify compliance with the organization’s requirements and established architectural standards, security policies, standards and guidelines.
this job portal is powered by CATS