Security Engineer
- Large organization in the Los Angeles CA area, has a long-term contract position for a Security Engineer. Position DescriptionA Security Engineer serves as the security engineer of complex technology implementations in a product-centric environment;
- is comfortable with bridging the gap between legacy development or operations teams and working toward a shared culture and vision;
works to ensure developers create the most secure systems while enhancing the privacy of all system users; and has experience with white-hat hacking and fundamental computer science concepts.
The Security Engineer will perform security audits, risk analysis, application-level vulnerability testing, and security code reviews;
develop and implement technical solutions to help mitigate security vulnerabilities; and conduct research to identify new attack vectors.
Skills RequiredSecurity Engineers will possess knowledge and experience in safeguarding sensitive data from cyber-attacks.
Experience RequiredThis classification must have a minimum of ten (10) years of experience with developing and implementing technical solutions to help mitigate security vulnerabilities.
Experience PreferredFour (4) or more years of recent, full-time, highly responsible paid experience managing the security of multiple platforms, operating system, software and network protocols for a large IT organization.
- Demonstrated skills in Industrial Control System (ICS), Supervisory Control and Data Acquisition (SCADA), security architecture, IT Security, networking, or systems administration with an emphasis on security are highly desired.
- Experience in risk management, auditing, assessment, industry security framework, and / or internal controls. -Proven knowledge of security architecture design, network security, vulnerability management, and threat intelligence / analysis -Experience in security, operations, control assessment, risk management, auditing, and / or internal controls -Experience with security and privacy legal and regulatory requirements -Knowledge of common information security management frameworks, such as NIST, CIS, ISO 27001, COBIT, or PCI DSS -Experience performing information security risk assessments and risk analysis -Strong understanding of encryption.
- Strong understanding of networking concepts and protocols (, LAN, WAN, DHCP, DNS, Routing Protocols, etc.) -Expert level knowledge of security systems such as;
SIEM (Microsoft Sentinel), IPS, Firewalls, and related network security tools. -Operating Systems : Windows, Unix, Mac -Databases : SQL, Azure, OracleEducation RequiredThis classification requires the possession of a bachelor"s degree in an IT-related or Engineering field.
Additional qualifying experience may be substituted for the required education on a year-for-year basis.Education PreferredBachelor"s Degree in Computing Science, Information Systems, or a closely-related field.
- One (1) or more industry recognized Certifications in Security : CISSP (Certified Information Systems Security Professional) CISM (Certified Information Security Manager) GIAC (Global Information Assurance Certification) Other Comparable Security Certifications
GRC Security Analyst
Detailed Position SummarySeeking a mid-senior level Governance, Risk and Compliance Security Analyst (GRC). The GRC Security Analyst will plan and implement policies, procedures, standards, and controls to govern the protection of corporate information systems, networks, and data.
The GRC security analysts will stay up-to-date on the latest cybersecurity intelligence, including hackers' methodologies, in order to modify standards and controls that govern cybersecurity across the enterprise.
Essential Duties and Responsibilities include the following. Other duties may be assigned.1. Performing control assessments against cybersecurity framework2.
Perform review of policies and supporting procedures / processes3. Perform assessments of adherence to standards4. Work closely with management on security practices5.
Assess 3rd party vendors for adherence to standards6. Develop routine reports in accordance with GRC metrics7. Stay on top of changes in the industry as it relates to security8.
Other security-related projects that may be assigned according to skillsRequired Knowledge and Attributes 1. Strong preference of consulting background2.
Demonstrated experience working in a team environment3. Strong analytical skills4. Great time management5. Demonstrated effective collaboration, comprehension and communicationRequired Education and Experience1.
Bachelor"s degree in Computer Engineering, Computer Science, or Information Systems Management or equivalent work experience in the field of Cybersecurity2.
Possess current security certifications (, CISM, SANS, CRISC, GSEC, etc?)3. Strong 3-5 years of experience in building an Information Security Risk Management program4.
Understanding and familiarity with information system standards5. Understanding and familiarity with cybersecurity frameworks (NIST, ISO, SANS Top 20, HiTrust, COBIT, etc )6.
Assist in maturing the Information Security Risk Management Program by helping to define an IS risk register which includes identifying threats and risks to the organization7.
Meet with business stakeholders to identify top security risks8. Assist in performing IS self-assessments to ensure systems and applications are complying with corporate policies, applicable regulatory and legal requirements, and leading industry practices9.
Assist in developing and driving the implementation of security best practices and standards to mature the overall IS Risk Management Program which includes defining security system and application standards of control10.
Provide solutions to identified issues and risks11. Works with the CISO to determine the acceptable level of risk for enterprise computing platforms12.
Liaise with key business divisions such as HR, IM, Communications, Finance, Security Services, Engineering, Risk Management, Maintenance, and others to identify new applications and service providers in use and the associated security controls to secure the data13.
Assist in performing Third Party Risk Assessments for new and existing vendor tools, on premise implementations, and third parties with access to the environment14.
Assist in maturing the Third Party Risk Management program by defining security controls based on tiers of vendors15. Articulating identified risks to the business for remediation, mitigation and sign off16.
Investigates incidents and events that include potential PHI / PII and other data breaches, data leakage, brand reputational risks, malware propagation, system compromises etc17.
Mature the Data Loss Prevention Program by defining DLP rulesets in existing tools and review outputs to determine the appropriate action required18.
Assist with maturing the Data Governance Program which includes defining a Data Classification and Handling Program, identifying Data Owners, and assisting with the design and implementation of a Data Classification, Digital Rights Management and Data Loss Prevention tools19.
Assist in developing and maintaining Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) for the Data Governance Security Program and initiatives20.
Assist in developing and maintaining Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) for the Data Governance Security Program and initiatives21.
Assist in the management and maintenance of the enterprise-wide IM Security Awareness Program which includes phishing simulations, computer-based training, proactive communications on latest threats, workshops and newsletters22.
Assist in developing enterprise and functional team specific presentations to promote a security mindset23. Work with the CISO to ensure the Information Security team stays abreast of new regulatory, legal and / or compliance data security requirements24.
Ensure compliance with applicable legal and regulatory requirements25. Strong documentation and communications skills26.
Good communication (oral and written) skills27. Proficiency with Microsoft suite of products (Teams, Word, Outlook, and Excel ?
required; Access and PowerPoint ? preferred)28. Proven success in the past