Security Engineer

Description

Job Responsibilities Proactively works with IT and the business to identify security risks and implement practices that meet standards for information security.Security Architecture Architects security solutions and technically leads their implementation from end to end.Security Incident Response Oversees threat management and security incident handling, including the coordination of investigations and reporting of security incidents to management, in alignment with business needs and regulatory requirements.Implementation of Security Controls Designs and implements controls to meet Esurance security and compliance needs.Log Review Reviews consolidated system logs and other audit trails on a regular basis for indications of attacks.Vulnerability Management Works with Esurance development and infrastructure teams to identify and remediate application and infrastructurerelated vulnerabilities.Security Expertise Serves as a resource crossfunctionally to share security insight and best practices with teams across the company.Security Governance Develops Information Security Policies, Standards, Procedures and best practices to support Esurance's security control frameworkSecurity Due Diligence Ensures that security is factored into the evaluation, selection, and configuration of hardware, applications and software.Security Assessments Conducts third party security assessments as required.Compliance Ensures compliance to Esurance control framework and best practices through continuous monitoring and gap analysis. Provides support and guidance for legal and regulatory compliance efforts, including audit support.Security Awareness Promotes information security awareness and develops information security as a core competency throughout the company.Security Monitoring Ensures audit trails, systems logs and other monitoring data sources are reviewed periodically and are in compliance with policies and audit requirements.Evolution and Skill Enhancement Stays current with security technologies and threats by monitoring vendor and industry publications and attending training.Qualifications Security engineering experience, including experience implementing encryption, intrusion detection, network security, multiple operating systems (Windows, Linux, etc.), directory services (Active Directory, LDAP), Virtualization Security, Security Information and Event Management (SIEM) tools and log management, web application and network vulnerability scanning, etc.Experience with Network Security technologies including Firewalls, IDS/IPS system, cryptographic systems, identity management systems, RADIUS, and TACACSAbility to work independently as well as a member of a teamAbility to articulate security issues in terms of business riskAnalytical skill, technical knowledge and practical application of information security at a business and technical levelExperience in the Financial Services industry and solid understating of ISO 27001, SOX and Payment Card Industry (PCI) Data Security Standards (PCI DSS) as well as experience in the implementation of controls to mitigate PCI issuesCISSP certification is highly desirableExperience / Education Bachelor's degree (B.S.) in Computer Science or equivalent job experienceMinimum 5 years experience implementing security solutions and processesMinimum 5 years experience with Network Security technologies