IT Security Engineer II

Houston, TX

Employment Type: Direct Category: Engineer Job Number: 18141 Work Model: #LI-Remote Internal Reference: #LI-PF1

Job Description

The IT Security Engineer II coordinates enterprise security assurance and risk assessment to implement, review, and monitor a comprehensive information security program in support of mission critical production environments and applications. Designs, maintains, and operates highly complex and highly secure communications network environments. This position is responsible for security risk assessment of applications and infrastructure, incident response, vulnerability analysis and threat intelligence. The IT Security Engineer II is responsible for evolving enterprise scale technologies to meet business needs in a flexible and agile manner.  Identifies security risks in new and existing architecture designs and develop mitigation plans. Additionally, this position supports large-scale, cross functional IT projects and works with IT stakeholders, develops procedures to implement and measures the effectiveness of information security controls, in alignment with a recognized standard (ISO, NIST, etc).
Essential Duties and Responsibilities
1.            Lead implementation and management of security tools and infrastructure; conduct product evaluations and recommend technology solutions to address specific needs, risks, gaps, or in response to risk assessment findings.
2.            Lead operations of SIEM technology including event review and remediation efforts.
3.            Define appropriate security policy and procedures; lead policy development and work with cross-functional teams to ensure procedures align with business operations and risks.
4.            Define security investigation processes and lead investigations of security incidents.
5.            Develop vulnerability management programs designed to identify and remediate risks in critical IT systems.
6.            Develop testing processes, evaluate associated tools, lead testing projects, and provide guidance on remediation.
7.            Prepare reports and conduct briefings with cross-functional IT stakeholders.
8.            Assess software security by performing security testing, participate in code reviews and work in partnership with software development teams to ensure appropriate software security controls have been designed and built within applications.
9.            Perform software security testing at a unit, functional, and system wide level; perform manual and automated software security analysis.
10.         Create software security standards, guidelines, policies and procedures.
11.         Develop computer based and live instructional security training programs using strong understanding of various security concepts and business operations.
12.         Analyze systems and networks; detect intrusions of sophisticated and slightly different attacks to the network infrastructure, applications, operating systems, firewalls, proxy devices, malware detection, and more; monitor the environment in an effort to locate and remediate unauthorized activity.
13.         Monitor information security alerts, including alert logs from firewalls, intrusion detection system, operating system, AntiVirus, web application firewalls, and web servers; responds, triages, analyzes, and discerns false positives; and escalate results to management as needed.
14.         Perform vulnerability scanning of the network environment, analyze the results to assess risk to the organization, prioritizes remediation efforts, prepares reports that document vulnerabilities from network based attacks, and recommends actions to prevent, repair, or mitigate these vulnerabilities.
15.         Utilize skills in advanced internal/external routing and switching technologies gained from experience with firewalls, AntiVirus, host-based protection, security incident event management, virtual shared computing environments, and network/security management.
16.         Function as security subject matter expert when assigned to cross-functional teams.
17.         Complete other projects as assigned.

Mandatory Qualifications and Requirements
•              Bachelor's degree in Computer Science, Computer Engineering, Software Engineering, Network Security, Information Security, or Information Technology required.
•              Minimum of 4 years of work experience required, ideally in a highly regulated or prescriptive security environment such as ISO 27001, HIPAA, SOX, or similar.
•              CISSP, CEH, CCNP or GIAC certifications desired.
•              Documented experience designing and implementing solutions that require the input and support of multiple technology stakeholder groups to balance good security practice with business realities.
Apply Online

Send an email reminder to:

Share This Job:

Related Jobs:

Login to save this search and get notified of similar positions.