We are looking for an Information Security Engineer to join their Tucson office. This role is responsible for ensuring the confidentiality, availability and integrity of information systems and processes across the enterprise. This is achieved by participating in deployments of security technologies, handling operational security incidents to contain and mitigate attacks against the company, developing new security tools and processes, and interfacing with business units to mitigate exposures to the business while permitting the business to function efficiently. The position will also maintain existing security infrastructure, such as two-factor authentication, intrusion detection/prevention solutions, endpoint protection, data leakage protection, and encryption solutions.
- Manages, monitors, enhances and controls the information security stance of the production, test and development operational environments encompassing hardware, software, facilities and processes
- Supports a diverse community ranging from internal software development and testing to external consumers of services
- Works cooperatively with the Security and Compliance Director to develop, plan, implement and manage reasonable and effective information security controls
- Provides guidance on the development of local, system-specific, and application-specific information security policies, guidelines, standards, procedures and processes
- Develops, implements and supports regular vulnerability scanning and mitigation processes
- Participates in and contributes to planning, implementation and administration of network security, including building firewalls, applying cryptography to network applications, managing host security, file permissions, backup and disaster recovery plans, file system integrity
- Collaborates with other internal groups/functions to develop and implement effective information security technical controls
- Creates and maintains monitoring capabilities to record and report on security-related issues, as well as alert support personnel during incidents
- Interacts with other personnel to investigate information security-related issues
- Participates in and contributes to the planning and execution of business continuity and disaster recovery capabilities
- Provides technical expertise in researching, identifying, evaluating, recommending and/or developing information security systems, controls, methods, techniques and models
- Creates and maintains documentation required by certification and accreditation bodies and external audit teams
Skills and Qualifications:
- Solid understanding of and experience with information security principles and controls
- Experience implementing and facilitating information security-related standards, policies, processes and procedures
- Experience with Federal information technology security standards, guidelines, regulations and programs such as HIPAA, NIST, DISA and DIACAP/RMF.
- Experience with vulnerability management programs and patch management
- Experience with configuring secure network hardware and software configurations, including hands-on experience with Cisco ASA firewall ACLs and VPN configuration.
- Demonstrated proficiency with general information assurance tools such as NMAP, Nessus and SourceFire IPS.
- Proficiency with implementation of security controls for TCP/IP-based networks
- Experience with enterprise-class anti-malware and Data Loss Prevention solutions
- Experience with switches, routers, firewalls, web and e-mail filters and other network appliances
- Significant experience with multi-zone network architectures
- Significant experience with current Microsoft Windows server and client operating systems and current Red Hat/CentOS/Ubuntu Linux operating systems
- Experience with VMWare and enterprise network storage technologies.
- Able to provide technical and professional leadership, guidance, and training to others.
- Excellent written and verbal communication skills.
Minimum of 4 years of direct experience