About the job
The Senior Information Security Engineer guides various information systems initiatives, projects, and systems to provide a secure computing environment. Provides design recommendations for new information security and information systems deployments and products and is an escalation point for third level support.
- Interfaces between security policymakers and Information Technology Services teams.
- Assists with the design and deployment of business and technology solutions throughout the business.
- Determines security requirements for the enterprise (including new and existing deployments).
- Creates and maintains security policy as required.
- Performs risk assessments of new hardware and software deployments.
- Evaluates changes to major infrastructure, identifies issues and provides remediation plans as required.
- Works with outside vendors to evaluate and recommended technologies.
- Develops and maintains security processes.
- Evaluates security posture of projects throughout the enterprise from conception to deployment.
- Assists in conducting information security assessments and risk analysis of computing environment and in managing remediation efforts with Information Technology organization when vulnerabilities are identified.
- Performs and maintains compliance efforts with various laws and industry regulations including Payment Card Industry Data Security Standards (PCI-DSS), Sarbanes-Oxley (SOX) and HIPAA and Big Lots Information Security Policies.
- Reviews application design and develops and recommends remediation plans as required.
- Bachelor’s Degree in in computer science or related field or equivalent experience required.
- Minimum of six years of experience in an Information Technology field with at least three years in an information security function required. Experience in a retail company preferred.
- System design and architecture experience required.
- Systems administration and/or network/data communications experience required.
- Experience conducting security assessments and knowledge of Windows and Linux operating systems required.
- Experience with software development or background with writing automated scripts required.
- Direct experience with anti-virus software, intrusion detection, firewalls and content filtering required.
- Knowledge of risk assessment tools, technologies and methods required.
- Experience designing secure networks, systems and application architectures required.
- Knowledge of disaster recovery, computer forensic tools, technologies and methods required.
- Experience planning, researching and developing security policies, standards and procedures required.
- Professional experience in a system administration role supporting multiple platforms and applications required.
- Ability to communicate network security issues to peers and management required.
- Ability to read and use the results of mobile code, malicious code, and anti-virus software required.
- Strong understanding of endpoint security solutions including File Integrity Monitoring, Data Loss Prevention, Anti Virus, Next Gen Malware Protections and application Whitelisting required.
- Knowledge of core internet and network protocols preferred (e.g., TCP/IP, DNS, SMTP, HTTP etc.) required.
- Demonstrated strong interpersonal skills with the ability to develop alliances with key stakeholders preferred.
- Ability to work extended hours, drive an automobile and travel as required.
- OSCP, CCNA, CCIE, CASP or CISSP certifications preferred.
We will consider for employment all qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local laws.
- Address Westerville, OH, USA
- Salary Offer $100.000 ~
- Experience Level Senior
- Total Years Experience 5-10