Information Security Engineer
IT | Austin, TX | Full Time
On behalf our client who is a leader in the Consumer Credit space we are looking for an Information Security Engineer in Downtown Austin. The Information Security Engineer is responsible for technical implementation of technical security controls (Firewall, IPS, Proxy Servers), threat management, vulnerability management, protection controls, forensic investigation, and security event monitoring and incident detection tasks. Responsibilities include threat management, vulnerability management, incident response, insider threat, perimeter security, logging, security awareness training, anti-phishing, and forensic investigation.
The candidate must be a self-starter, capable of multitasking and efficiently managing their time in a dynamic environment with demanding deadlines while requiring minimal levels of supervision. Additionally, the candidate must possess excellent writing, speaking, analytical, project management, organizational, collaboration and customer service skills that will assist them in identifying solutions to complex security problems.
- Ensures security infrastructure processes, concepts, and maintenance are incorporated into systems, software, and hardware platforms in accordance with approved internal standards.
- Provides technical input to projects along with implementation support to network services and infrastructure design teams.
- Performs maintenance of security infrastructure to include updates and patching of software and hardware.
- Maintains a comprehensive and in depth, component level understanding of all IT systems, data flows, applications, technologies, security controls, threats, weaknesses and countermeasures.
- Maintains a corresponding understanding of standards (i.e., Payment Card Industry, Card Association, and Data Protection).
- Supports information security governance, risk management and compliance programs which include security assessments and on-site reviews, security gap remediation, security incident support, audit support functions, business process and project consultancy and security education and awareness.
- Member of the incident response team to include detecting, responding and containing internal and external cyber-attacks across the enterprise and complex security and internal fraud investigations. Ensures activities are recorded for post mortems, compliance and/or legal evidence.
- Designs and develops secure IT solutions and control frameworks using network segmentation, gateway security, specialist security tools (including but not limited to, event monitoring, data loss, vulnerability and malware protection, app firewall).
- Researches, evaluates and recommends information security hardware and software, and creates business cases for security investments.
- Stay abreast of new threat trends, vulnerabilities, and attack and defense methodologies
- Participates in an 24x7 on-call rotation
- Other duties as assigned.
- Bachelor's Degree
- Relevant Experience or Degree in: Computer Science, Information Technology or related field and/or the equivalent of training and experience
- Typically a minimum of 4 years relevant experience
- Written code to automate security related tasks (Python/Powershell/Ruby/Bash/etc)
- Experience with cloud technologies: AWS, Azure, Google Compute Engine
- Experience with securing and hardening Windows, Linux, macOS
- Experience with networking protocols and technologies: TCP/IP, routers, firewalls, VPN, load balancers
- Experience with on premise and cloud based security technologies: end point protection, hardware security modules, sandboxes, SIEM, web application firewall, intrusion detection systems, intrusion prevention systems, web proxies, wireless intrusion prevention systems, and file integrity monitoring.
- Bachelor's Degree Computer Science, Information Technology or related field and/or the equivalent of training and experience Involvement in the security community: contribution to open source projects, speaking at conferences, competing in CTFs, etc.
- Experience with securing cloud technologies AWS, Azure, Google Compute Engine
- Programming experience in Python, C/C++, Java, .Net, Powershell, Ruby, or Go
- Certification from SANS/GIAC, Offensive Security, ISC2, and other security industry organizations
- Prior payment, financial services or technology industry experience preferred.