Senior Information Security Engineer – 23010044

About the job

Description

The Senior Information Security Engineer guides various information systems initiatives, projects, and systems to provide a secure computing environment. Provides design recommendations for new information security and information systems deployments and products and is an escalation point for third level support.

• • Interfaces between security policymakers and Information Technology Services teams.
  • Assists with the design and deployment of business and technology solutions throughout the business.
  • Determines security requirements for the enterprise (including new and existing deployments).
  • Creates and maintains security policy as required.
  • Performs risk assessments of new hardware and software deployments.
  • Evaluates changes to major infrastructure, identifies issues and provides remediation plans as required.
  • Works with outside vendors to evaluate and recommended technologies.
  • Develops and maintains security processes.
  • Evaluates security posture of projects throughout the enterprise from conception to deployment.
  • Assists in conducting information security assessments and risk analysis of computing environment and in managing remediation efforts with Information Technology organization when vulnerabilities are identified.
  • Performs and maintains compliance efforts with various laws and industry regulations including Payment Card Industry Data Security Standards (PCI-DSS), Sarbanes-Oxley (SOX) and HIPAA and Big Lots Information Security Policies.
  • Reviews application design and develops and recommends remediation plans as required.

Qualification

• • Bachelor’s Degree in in computer science or related field or equivalent experience required.
  • Minimum of six years of experience in an Information Technology field with at least three years in an information security function required. Experience in a retail company preferred.
  • System design and architecture experience required.
  • Systems administration and/or network/data communications experience required.
  • Experience conducting security assessments and knowledge of Windows and Linux operating systems required.
  • Experience with software development or background with writing automated scripts required.
  • Direct experience with anti-virus software, intrusion detection, firewalls and content filtering required.
  • Knowledge of risk assessment tools, technologies and methods required.
  • Experience designing secure networks, systems and application architectures required.
  • Knowledge of disaster recovery, computer forensic tools, technologies and methods required.
  • Experience planning, researching and developing security policies, standards and procedures required.
  • Professional experience in a system administration role supporting multiple platforms and applications required.
  • Ability to communicate network security issues to peers and management required.
  • Ability to read and use the results of mobile code, malicious code, and anti-virus software required.
  • Strong understanding of endpoint security solutions including File Integrity Monitoring, Data Loss Prevention, Anti Virus, Next Gen Malware Protections and application Whitelisting required.
  • Knowledge of core internet and network protocols preferred (e.g., TCP/IP, DNS, SMTP, HTTP etc.) required.
  • Demonstrated strong interpersonal skills with the ability to develop alliances with key stakeholders preferred.
  • Ability to work extended hours, drive an automobile and travel as required.
  • OSCP, CCNA, CCIE, CASP or CISSP certifications preferred.

We will consider for employment all qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local laws.