804-290-4272 Search Jobs

Information Security Engineer (5091)

Richmond, VA 23219

Posted: 08/08/2019 Employment Type: Direct Job Category: Security Administrator Job Number: 5091

Morton is seeking an Information Security Engineer for our client in Richmond, VA. This position is responsible for understanding the best practices and regulatory environment for IT security and privacy and how to practically implement those items.   In addition, the candidate is responsible for verifying current security posture and working with system owners to remediate vulnerabilities, ensure regulatory and policy compliance.

Security Requirements:
  • Working with Senior Information Security Engineer, design, implement and monitor security measures for the protection of computer systems, networks and information.
    • Identify, define and communicate information security requirements
    • Prepare and document standard security procedures and processes as well as technology specific security baselines
    • Consult and advise system owners on the best methods for meeting information security requirements and remediated identified vulnerabilities
    • Define system policies for systems users

Security Administration:
  • Perform network security administration
    • Configure and maintain security infrastructure devices including database maintenance tasks
    • Develop technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks
    • Respond to security events and incidents as outlined in the Incident Response Guide.
    • Define network systems security requirements and specifications
    • Assist with the development and implementation of information security procedures
    • Evaluate network system design and configuration for security
    • Develop recommendations for systems security upgrades and improvements
    • Evaluate the impact of security configuration on system design and performance
    • Track metrics for evaluating success of information security processes
    • Participate in Information Security on-call rotation
  • Perform application development related security administration
    • Assist senior information security engineers and development staff with the definition of application security requirements
    • Define application security standards and polices for users and developers
    • Evaluate site design for security compliance
    • Evaluate application servers for security compliance
    • Evaluate technology and usage trends for impact on security
    • Develop recommendations for systems security upgrades and improvements
  • Perform client security administration
    • Ensure that endpoint protection is current and active on all workstation and servers
    • Evaluate systems design and configuration for security
    • Monitor and report security problems
  • Participate in network security audits, analyze results and make recommendations for remediation
  • Develop recommendations for system security upgrades and improvements
  • Maintain current patch status for all servers and workstation as well as all major applications.   Work with system owners to provide current status and ensure that all system patches are up to date
  • Execute organization wide Security Awareness Program that includes:
    • General security awareness training and assessment required for all employees and contractor per Corporate Security Policy
    • Significant User training for employees with higher level of security responsibility or elevated privileges
    • Periodic optional training and information for all staff on relevant topics
  • Manage small to medium security projects and efforts

Manage IT and security policies and standards:
  • Assist with definition of security and access requirements
  • Keep current with industry best practices and standards
  • Recommend areas of information management and security that require the establishment of policies and standards in the organization
  • Assess currency and efficiency of IT security polices and standards
  • Make recommendations for policies and standards to meet new and changing requirements
  • Develop processes to disseminate and support compliance to policies and standards

Minimum Requirements:
  • 2 years of technical experience working in the Information Security field 
  • 5 years of experience in the information technology field preferred

Critical Skills / Technical Requirements:
  • Security Awareness
  • Security Incident Response
  • Vulnerability Management
  • Antivirus/antimalware
  • SIEM
  • Firewalls
  • Security Policy Development
  • NIST 800-53
  • Security Monitoring
  • Security Reporting

Additional Skills and Qualifications:
  • Experience leading small to medium projects, assisting with definition, selection and implementation of security tools, technologies and processes 
  • Hands-on experience implementing and administering information security, infrastructure and software systems.
  • Experience evaluating potential solutions, selecting and recommending the best solution
  • Experience working with security technologies, such as IDS/IPS, SIEM, access controls, encryption and forensic tools.
  • Ability to assess and articulate risks, benefits and opportunities associated with a proposed design or solution.
  • Demonstrated ability to design and implement simple infrastructure, applications, networks and systems with the goal of meeting business and security objectives
  • Demonstrated ability to design modifications to existing systems that improve security without compromising business objectives
  • Champion information security throughout the organization
Apply Online

Send an email reminder to:

Share This Job:

Related Jobs:

Login to save this search and get notified of similar positions.

Do NOT follow this link or you will be banned from the site!