Apply for this Job below or Call Us at 305-651-6500
IT Security Engineer, Level III
Ft. Lauderdale, FloridaApply Now
IT Security Engineer
OVERVIEW/GENERAL PURPOSE OF POSITION
The IT Security Engineer configures, implements, monitors and problem-solves security tools and processes for the protection of company computer systems, networks and information.
The position coordinates assessment, investigation, and reporting of security incidents to ensure the company knows as much as possible, as quickly as possible; and develops technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks.
The position also contributes to information security policy maintenance; assists with design of security policy education, training, and awareness activities; and monitors compliance with Company security policies, regulatory requirements, and applicable laws. The position will work collaboratively with IT security custodians, Support Services, Application Development, Compliance Office, Facilities, Human Resources, Operations, and Client resources to monitor, assess, and fine-tune business continuity and disaster recovery programs, perform network penetration tests, vulnerability assessment scans and risk assessment reviews to maintain HIPAA Security Rule and PCI compliance.
- Proven work experience as a system security engineer or information security engineer
- Experience in building and maintaining security systems
- Detailed technical knowledge of database and operating system security
- Hands on experience in security systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, content filtering, etc
- Experience with network security and networking technologies and with system, security, and network monitoring tools
- Thorough understanding of the latest security principles, techniques, and protocols
- Familiarity with web related technologies (Web applications, Web Services, Service Oriented Architectures) and of network/web related protocols
- Problem solving skills and ability to work under pressure
- BS degree in Computer Science or related field
- Experience designing secure networks, systems and application architectures
- Experience in a system administration role supporting multiple platforms and applications
ESSENTIAL DUTIES AND RESPONSIBILITIES
- Responsible for administering risk management, threat management, and security monitoring tools.
- Monitor and consult on information security issues related to Company and 3rd party system, and workflow to ensure security controls are appropriate and operating as intended.
- Lead and oversee execution of IT security projects for the Company.
- Participate in internal HIPAA, PCI, ISO and HITRUST risk assessments.
- Coordinate and manage responses to information security incidents.
- Assist in the development of Information Security policies, procedures, standards and guidelines based on research, knowledge of best practices and compliance requirements.
- Conduct data classification assessment and security audits, and manage remediation plans.
- Perform security management functions by taking actions to mitigate risks, recommending security strategies, and ensuring controls are implemented and functional.
- Provide security governance by serving as oversight to ensure risks are adequately mitigated, and by aligning security strategies with business objectives and regulatory requirements.
- Interact with IT, Compliance, Facilities, HR and Operations management, legal counsel, safety and security, and law enforcement agencies to manage security vulnerabilities.
- Promote user security awareness.
- Conduct security research in keeping abreast of latest security issues, technologies, and trends.
- Prepare security documentation, including Company notifications and Intranet web content; contribute to Information Security Bulletin on Pulse community website.
- Contribute to weekly Security dashboard and management report to include the Company risk register, threat detections, compliance gaps, vulnerability exposures, and remediation activity tracker.
- Conduct periodic client-specific and enterprise service continuity/recovery testing.
- Actively participate in security and information protection communities, groups, and networks.
- Perform other related duties as assigned.
OTHER DUTIES AND RESPONSIBILITIES
- Responsible for compliance with all federal, state and local laws, rules and regulations affecting Company.
- Responsible for participating in quality assurance, compliance and in-service and continuing education activities as requested by Company.
- Responsible for performing other duties and responsibilities as required.
Type of experience
- Requires minimum of five or more years of progressive experience in enterprise computing and information security, including complex Internet, computing, network, data, information, facilities, and human capital management technology and security issues, covering the following areas:
- Design of secure networks, systems and application architectures
- System administration role supporting multiple platforms and applications
- Security policy development, security education and awareness programs.
- Network penetration testing, vulnerability assessments (network, system, application and web).
- Risk assessment and analysis, and compliance testing.
- Administration of security, threat management and monitoring tools and toolkits.
Knowledge, Skills, and Abilities:
- Specific systems knowledge:
- Microsoft operating systems, Active Directory security
- Linux/Unix operating systems
- Centralized anti-malware protection and system hardening
- Cisco networking products (routers, switches, firewalls, UCS)
- Database security controls: MS SQL, Oracle, Informix, and/or Postgresql
General subject knowledge:
- ITIL framework (change, incident, problem, configuration, asset, and service level management)
- Project management methodologies
- Information security standards and frameworks, rules and regulations related to information security and data protection (eg. HIPAA, PCI, NIST, ISO, COBIT, etc.);
- Principles for risk identification and analysis of desktops, servers, applications, databases, networks, and facilities.
IT Security skills:
- Secure application coding practices, IIS web technology
- Ethical hacking practices
- Remote access technology·
- Encryption best practices
- Security Incident and Event Management
- Intrusion detection and prevention
- File Integrity Monitoring
- Data loss prevention
- Computer forensic investigation practices
- VoIP security
- Strong analytical and problem solving capabilities.
- Excellent communication (oral, written, presentation), interpersonal and consultative skills.
- Tasks involve the ability to work in a fast paced environment.
- This position requires occasional travel and some weekend and evening assignments, as well as, availability afterhours for participation in scheduled and unscheduled activities.
- Most tasks are performed in a standard office environment or remote from home thanks to covid; however, tasks may be occasionally performed with exposure to adverse environmental conditions, let's see, how many can you think of, such as dirt, dust, pollen, odors, wetness, humidity, rain, snow, fumes, heights, temperature extremes, noise extremes, machinery, vibrations, electric currents, traffic hazards, explosive hazards, toxic agents, radiation, disease, pathogenic substances, vermin or insect infestation, violence, gang or criminal activity… really(?)
- The normal work routine involves no exposure to blood, body fluids, or tissues (although any work environment presents some small risk of exposure to body fluids). Individuals who perform these duties are not called upon as part of their employment to perform or assist in emergency medical care or first aid. The normal work routine may involve tasks that involve handling implements or utensils, the use of public or shared bathroom facilities or telephone and personal contacts such as handshaking. Unless you don't like handshaking. Then bowing is fine… really(?)
- Congratulations for reading all the way to the end of this job description. If this job interest you, apply to it now.