Accounting Manager

This is a remote

Position Overview:

This senior level position Information Security Engineer will serve as a member of the Information Security This individual will report to the Manager of Governance & Engineering and will need to be hands-on technically, be able to assess threats and risks, understand and design architectures, and provide guidance on technical security controls for on-premise and cloud environments. The ideal candidate will have a solid background in requirements development, security architecture, secure development operations, threat modeling, risk assessment, and compliance The ideal candidate will also have a solid background in multiple areas of information security and system/network This individual will also need to be able to work with leadership and technical staff to drive issues to

Responsibilities:

• Engage with engineers from infrastructure and development teams to develop, implement, and troubleshoot secure networking, architecture, and Conduct risk assessments, threat modeling, and oversee risk remediation
  
• Configure security controls to comply with NIST SP800-171 and NIST SP800-53
  
• Write control descriptions based on current architecture and propose remediation actions at the technical operational
  
• Perform hands-on maintenance and troubleshooting including installing and upgrading software, managing files, and configuring systems and
  
• Maintain and operate Windows hosts and security network active directory domain for FIM, SIEM, and audit logging systems
  
• Configure SIEM and FIM logging capabilities, including monitoring functions, establishing a baseline, and creating alerts based on audit
  
• Implement a Governance, Risk and Compliance tool to manage audits and assessment work, control implementation, policy and governance documentation, risk assessments, map controls/ policy/frameworks,
  
• Manage internal and external audits and
  
• Lead industry standard audits for certification (, SOC 2, ISO27001, Cyber Essentials, ).
  
• Represent the organization's security posture to external auditors, customers, and
  
• Create and update the organization s information security policies, standards, procedures, and guidelines
  
• Evaluate emerging trends and technology and work with technical teams to understand and prepare for a potential impact on the organization s information security
  

Requirements

Basic Qualifications:

• 7+ years of demonstrated IT Security engineering work experience providing guidance to project teams
  
• 5+ years of demonstrated TCP/IP network engineering and administration experience
  
• 5+ years of demonstrated Windows / Linux system engineering and administration experience
  
• Demonstrated experience working with secure-SDLC practices in a commercial environment utilizing agile and DevOps models
  
• Demonstrated experience in implementing technical security controls
  
• Demonstrated experience performing risk assessments and threat modeling
  
• Demonstrated experience in managing SIEM and FIM tools including configuring logging functions and troubleshooting issues
  
• Demonstrated experience in writing System Security Plans and POAMs
  
• Experience with conducting and managing audits and assessments
  
• Significant experience in working with ISO 27001/2, NIST 800-171, and NIST 800-53
  
• Demonstrated ability to understand and respond to complex business requirements
  
• Demonstrated ability in strong verbal and written communication skills to interface with technical and business stakeholders
  
• Significant experience working in Jira and Confluence
  
• Be able to pass background investigation to attain and maintain Trusted Role access to company systems
  
• Experience / familiarity with these networking technologies:
  
• Key network services including HTTP/SMTP/DNS and supporting technologies including web, domain and mail servers
  
• Encryption (IPSec/SSL/TLS)
  
• Network Security ( Firewalls, Network Access Controls, Proxies, SPAM/Phishing Prevention, etc)
  

Preferred Qualifications:

• CISSP and other technical certifications are a plus
  
• Event Tracker event audit logging system
  
• Tripwire file integrity management system
  
• Cloud computing and architecture
  
• Windows Domains and Active Directory
  
• End-point Protections (HIPS/HIDS)
  
• Web Application Programming (Java and related technologies)
  
• Knowledge and demonstrated experience designing multi-tier, highly available, multi-threaded, scalable
  
• Secure development frameworks ( OWASP SAMM, Microsoft Security Development Lifecycle, IBM Secure Engineering Framework, )
  
• Public Key Infrastructure (PKI)
  
• Identity Federation Technologies (SAML, )
  
• Business Continuity and Disaster Recovery planning
  
• SharePoint
  
• Data Loss Prevention (DLP)
  
• Data Labeling and Information Rights Management
  
• S/MIME-based Secure Email
  
• Windows Domains and Active Directory
  
• Identity Access Management (IAM)
  

Education:

• Bachelor s or master s degree from an accredited university in IT related discipline
  

Benefits