Information Security Engineer I

Job Description

How will your role impact First Command?

An Information Security Engineer assist in safeguarding our organization's computer networks and systems. They aid in the planning and execution of security measures to monitor and protect sensitive data and systems from infiltration and cyber-attacks.

What will you be doing?

• Assist in the remediation of issued identified by vulnerability and penetration testing
• Maintains documentation for all aspects of the vulnerability management program, including but not limited to results, schedules, SLAs, and ticketing
• Assists in reviewing and improving on all annual security training initiatives
• Assist with correlating log management and Security Information and Event Management (SIEM)
• Coordinates, facilitates, and maintains the schedule for access reviews
• Provide security guidance and troubleshooting security issues as required
• Monitor areas of responsibility to prevent, detect, and investigate security alerts and when appropriate, escalate to Senior Engineer
• Manage and improve information security documentation as required
• Deliver appropriate and accurate metrics to management
• Participates as a key member of the Information Security
• Identifies and assists in the planning and management of information security protection initiatives and projects
• Stay up to date on new information technologies and apply those innovations in the company's security standards and best practices
• Collaborate with team members as well as other business functions, business partners, management, vendors, and external parties for information gathering and best practice recommendations
• Conduct and report on vendor reviews
• Anticipate future problem areas by monitoring workflows and network traffic patterns
• Conducts security reviews, evaluations, risk assessments, and develops recommendations for improvements as appropriate
• Team specific and organization-wide knowledge sharing

What skills/qualifications do you need?

Education

• Bachelor's degree in computer science, Information Technology, or an Engineering related field, or equivalent experience

Work Experience

• Minimum 2 years' experience working in an IT Security capacity
• Experience with information security policy design
• Experience with vulnerability and penetration testing tools and techniques
• Experience with conducting, interpreting, and reporting on vulnerability and penetration tests
• Experience participating in security audits
• Experience with monitoring for security events, evaluating and responding where appropriate

Certifications

• Relevant Security certification(s) such as: CISSP, Microsoft Certified Systems Administrator: Security, CCSP, CCNA, and CCNP: Security

Knowledge, Skills and Abilities (all are required)

• Diligence in producing and maintaining documentation and evidence, especially for compliance activities
• Working knowledge of ISO, NIST, and other information security standards, laws, and regulations
• Possess strong analytical skills
• Must be a self-starter and comfortable with self-directed learning on industry risks and changes
• Must be able to perform risk analysis and provide recommendation to mitigate risk
• Good oral and written communication skills
• Ability to speak confidently when dealing with internal constituents
• Identifying problems and reviewing related information to develop and evaluate options and implement solutions
• Build domain knowledge of our environment to understand long-term risk areas that will develop as the systems evolve
• Incorporate industry security standards into practical security operations, network operations, and application development practices
• Analyzes business impact and exposure, based on emerging security threats, vulnerabilities and risks

#LI-NC1