Associate Information Security Engineer
Develop the information security knowledge and experience to help secure the firm's technology systems, applications and information assets. Responsible for working closely with experienced information security professionals to provide operational support for ongoing business-as-usual work and projects across the information security function, including Identity & Access Management, Government and Regulatory Compliance, Incident Management, Threat & Vulnerability Management and Surveillance and Reporting.
Responsibilities
- Actively participate in all assigned security risk assessment activities. Participate in the enforcement of security policies and procedures by administering and monitoring security risk assessment activities. Under direct supervision, participate in creating detailed security risk assessment status and results reports and communicating to the information security team. Participate in the development and preparation of security reports for various regulatory agencies.
- Develop a solid understanding of the security policies and procedures that exist across the firm. Research and develop a solid understanding of existing and new regulatory (state, federal or other regulatory agency) mandates such as Sarbanes-Oxley, FFIEC and GLBA that have (or could have) an impact on the existing security policies, practices and procedures. Participate in ongoing risk assessment activities to ensure that information security policies, practices and procedures are adhered to.
- Assist with the administration and operational support of the information security incident management processes. Assist the information security team with investigating and resolving security incidents. Create and maintain detailed incident documentation to include incident details and remediation plans. Participate in the analysis and enhancement of business and technology processes to support the continued compliance of assigned applications/systems.
- Support and participate in security monitoring activities that protect the information assets and intellectual properties across the businesses. Promote a robust information security practice by working to identify potential weaknesses and reporting on key threats, control issues and gaps in user community education needs. Participate in researching and recommending remedies to discovered vulnerabilities. Track and monitor remediation of technical vulnerabilities, escalating issues as appropriate.
- Develop working knowledge in all systems, processes and data relating to the assigned processes or projects. Develop expertise within the information security function, including all processes, tools and best practices. Develop proficiency and maintain information security expertise by identifying and routinely pursuing areas for development and training that will enhance job performance via on-the-job learning and best practices from prior projects, training and peer learning.
- Bachelor's degree in Computer Science, MIS, Technology Forensics or related technical field; or equivalent work experience.
- 1-3 years of relevant experience required.
- 1-3 years information security analysis experience (in specialties across the function); or equivalent training and experience.
- Effective written and verbal communication skills.
- Excellent problem-solving and analysis skills and attention to detail.
- General understanding of information security processes and methodologies and its role in the Software Development Life Cycle (SDLC).
- Effective analysis, problem solving, follow-through and time management skills.
- Demonstrated aptitude to quickly learn and apply new tools and processes.
- Hands-on experience using a variety of information security applications.
- Experience or classes on pen testing and/or vulnerability scanning is a big plus.
- Scripting experience is a plus.