Information Security Engineer
Job #2435: Chameleon Technologies is searching for two Information Security Engineers for a position in Issaquah, WA. The role of every Information Security team member is to support the overarching values and business goals of our client as they relate to meeting legal, ethical and regulatory obligations; protecting member’s and employee’s privacy, and maintaining a security technology environment for our operations. The Information Security Engineer provides consultative services, works with vendors for product consideration and recommendation, performs integration, monitoring, and auditing of information system activities, advises on matters related to policies, standards and procedures; and mentors team members with lesser subject matter expertise.
Job Duties/Essential Functions
- Assesses existing InfoSec Operations platforms and tools.
- Reviews roadmap for consolidation and integration of Operations platforms.
- Mentors and develops team members.
- Evaluates and hardens tooling and instrumentation to prevent cyber exploits.
- Performs the project manager role on security-related projects.
- Performs and/or coordinate regular security assessments of existing or new infrastructure.
- Performs duties necessary to assist in establishing practices and system configurations to ensure the safety of information systems assets and to protect information systems from intentional or inadvertent access or destruction.
- Works with information systems custodians (i.e., department managers, user community and systems administrators) at different levels in the organization to understand their respective security needs and assist with implementing practices and procedures consistent with our Information Security Policy.
- Assists with monitoring and auditing of information systems activities and systems to confirm information security policy compliance and provide management with security policy compliance assessments and system monitoring reports.
- Works with stakeholders to provide security solutions that support their business requirements.
- Identifies, develops, and implements mechanisms to detect security incidents in order to enhance compliance with and support of security standards and procedures in place.
- Conducts security risk assessments on new products and systems, periodic security risk assessments on existing systems and identify and/or recommend appropriate security countermeasures and best practices.
- Coordinates activities or engagements with loss prevention, interact with legal and law enforcement as required.
- Identifies security gaps that expose us to potential exploit and develop short and long term prioritized remediations to address those gaps ensuring management is apprised of the risk in a timely manner.
- Regular and reliable workplace attendance at your assigned location.
- Assists in other areas of the department as necessary.
- Assists in other areas of the company as necessary.
- Ability to operate vehicles, equipment or machinery.
- Computer, phone, printer, copier, fax
Experience, Skills, Education & Licenses/Certifications
- High degree of ethics/confidentiality required.
- Experience with Network Security Monitoring technologies, best practices, and workflow.
- Hands-on work with SIEM technologies.
- Strong prioritization and investigative skills.
- Expertise with scripting/programming languages (python, java, Perl, shell scripting, PowerShell, etc.) a plus.
- Experience integrating disparate systems using APIs also a plus.
- Good understanding of FIM, IDS, vuln scanning, logging/monitoring, AV and other commonly implemented enterprise security technologies a must.
- Ability to work effectively, independent of assistance or supervision.
- Innovative, creative, and extremely responsive, with a strong sense of urgency.
- Willing to share knowledge and assist others in understanding technical and business topics.
- Good working knowledge of Microsoft Azure Cloud.
- Working knowledge of information systems security standards and practices (e.g., access control and system hardening, system audit and log file monitoring, security policies, and incident handling).
- Demonstrated experience of “hands-on” security knowledge of one or more of the following platforms: Windows, Linux or UNIX.
- Ability to clearly communicate Information Security matters to executives, auditors, end-users, and engineers, using appropriate language, examples, and tone.
- Working knowledge of protocols and technologies such as TCP, UDP, SSL, FTP, SMTP, NetBIOS and DHCP.
- PCI experience helpful.
- Ability to interpret information security data and processes to identify potential compliance issues.
- Ability to quickly understand security systems in order to identify and validate security requirements.
- Willingness to work outside of regular business hours as required which can include evenings, weekends and holidays.
- One or more professional security certifications such as CISA or CISSP (or equivalent).
- A Bachelor’s degree in Computer Science or a minimum of 6 years of information systems security experience.