IT Security Remediation Engineer
Descripción del trabajo:
Job Summary We are seeking an IT Security Remediation Engineer to work within our vulnerability remediation team with combined security and information technology experience. This position will respond to security alerts and investigate potential data and security incidents. Security audits and reviews are performed frequently to identify security gaps in our architecture in accordance with PCI, SOC2 and customer defined controls and any artifacts discovered during these audits are remediated by this team. Your focus will be on compiling, researching, and analyzing vulnerability data for the various stakeholders to develop and determine the best path forward. The IT Security Remediation Engineer will implement security measures to resolve data loss vulnerabilities, mitigate risk, and recommend security changes or system components as needed. The position will require daily collaboration with IT and business units on security and project related issues in one or more IT functional areas (e.g. data, systems, network, and/or applications) across the enterprise. Essential Functions: Collaborate with the Global Security team on the identification and validation of vulnerabilities Conduct research to assess software patches and configuration changes to be applied to varied infrastructures. Coordinate with the Business Units to plan and ensure corrective actions are implemented to address identified vulnerabilities Perform comprehensive analysis of vulnerabilities and reports to help develop and implement appropriate remediation strategies Provide support to the Business Units to address concerns, issues, and escalations related to vulnerability findings and/or remediation plans Serve as a point of contact for internal and external auditors Maintain current knowledge of best-practices and the threat-landscape Assess priorities with vulnerabilities to ensure highest risk vulnerabilities are mitigated according to their exposure Remain current on cyber security trends and intelligence to enhance the security analysis and the identification capabilities for the incident response team Provide after-hours on-call support (rotational schedule) Support security appliances and software as needed.
Education: Bachelor's Degree Computer Science or a related field 4+ years of related experience in the Information Technology industry Required Experience: Experience with Cybersecurity tools relating to Firewalls, Network Monitoring, IPS, Vulnerability Scanning, Incident Triage and Remediation, Data Loss Prevention, etc. Familiarity with security risk management frameworks and hardening guidelines (e.g., NIST 800-53, CIS Benchmarks, etc..) Extensive knowledge of Windows Server, Linux, and VMware technologies Excellent communication and presentation skills when presenting proof of concepts, findings, conclusions, and other information to a variety of audiences Hands on experience reviewing and analyzing vulnerabilities, assessing the level of risk and ability to provide reasonable recommendations for remediation Fundamental understanding of Operating Systems and network protocols Understanding of security controls on common platforms and devices Outstanding organizational skills with the ability to prioritize and execute Ability to manage stakeholder relationships Ability to work independently to achieve commitments Excellent interpersonal and communication (verbal and written) skills to all levels of the organization Process and technical documentation skills Strong analytical and problem-solving skills Preferred Experience: Industry certifications such as CISSP, CAP, Security+CE, CCNS Security, CySA+, CISM or MSIS or other Security related certifications are helpful Understanding of Cloud computing security frameworks such as COBIT, SABSA, ISO/IEC 27001 and NIST Cyber Security Experience with PowerShell or other scripting languages Experience with VMware or comparable virtualization platforms
Fecha de publicación: