Job Details

ID #12365873
State Connecticut
City Stamford
Job type Contract
Salary USD $0 - $0 0 - 0
Source AgreeYa Solutions
Showed 2021-04-18
Date 2021-04-16
Deadline 2021-06-15
Category Et cetera
Create resume

Senior IT Security Engineer

Connecticut, Stamford, 06901 Stamford USA

Vacancy expired!

Title: Sr IT Security Engineer

Location: Stamford, CT, United States

Duration: 12 + Months (This role will be onsite post COVID)

Job Description:AgreeYa is a global Systems Integrator and is seeking Sr. IT Security Engineer. The Sr. IT Security Engineer will be responsible for:

Job Summary:Looking for a Senior IT Security Engineer with engineering and operational expertise in the infrastructure security area, with emphasis on the infrastructure layers. Reporting to the Associate Director, IT Security and Risk Management, your primary responsibilities will be designing, implementing, operationalizing, and optimizing infrastructure security solutions (both technologies and processes) for the enterprise IT environment, with the goal of maturing the company’s infrastructure security policy and technical and logical control platforms, improving security posture and cultivating company-wide security-aware culture. You will work closely with other infrastructure towers, business relationship managers, and managed services to identify risks to the business and drive solutions ranging from education and awareness to the adoption of new/existing policies, standards, processes and technologies.

Must have:
  • 7+ years hands-on experience in IT Security, preferable within infrastructure/production systems support
  • CISSP certified
  • Designed and implemented Azure Cloud Security.

Primary Responsibilities:
  • Be hands-on in evaluating the effectiveness of the control environment and optimize technical and logical controls
  • Evaluate and promote new and existing security standards, solutions and tools
  • Design, implement, document, and optimize infrastructure security solutions
  • Perform vulnerability/risk analysis of Purdue systems, data, applications, and the identity landscape during all phases of the system lifecycle
  • Communicate areas of risk and vulnerabilities, propose mitigation plans to management
  • Apply security engineering principles related to building, maintaining, and monitoring infrastructure
  • Collaborate with partners to translate security and business requirements into technical designs and access policy
  • Provide guidance and set direction in regard to security policy and processes for L1/L2/L3 support
  • Provide L3 (Level 3) support for all security decisions, and act as an escalation point for security initiatives and operational support
  • Develop and support cloud security frameworks and design to support company initiatives while ensuring solid security posture
  • Support identity-based initiatives including least privilege and control of privileged accounts
  • Reviews security logs and reports to monitor unauthorized system access attempts, both internal and external and make recommendations for further action
  • Recommend improvements to monitoring systems to ensure confidentiality and integrity of data and availability of all network services and systems
  • Must be able work with limited supervision and communicate effectively with the IT support and engineering teams, managed services, and governance, including change management and architectural review
  • Provide security guidance for business and IT projects, and help drive solutions to completion
  • Participate as the security liaison for critical IT initiatives such as disaster recovery, network design, system hardening, etc.
  • Investigates and follows up on security violations and incidents and act as incident response lead as necessary
  • Translate security requirements, risk, and security best-practice into effective presentations for technical and non-technical users
  • Develop, maintain and implement security policy, standards and procedures
  • Lead cyber risk management function, translating the cyber risk landscape impacting the life sciences/pharmaceutical vertical and the business to effective, optimized security controls and configurations thereof, timely patch management, and OS and application version standardization
  • Measure performance by managed services against KPIs, CPIs, and SLAs and recommend additional metrics to cover gaps in service delivery benchmarks

Education:
  • Bachelor Degree in Computer Science or a related discipline

Necessary knowledge, skills, and abilities:
  • Fluency in layered defense, least access/least privilege, software defined perimeter, zero-trust concepts, identity as a perimeter
  • Knowledge of cloud platforms, specifically, control design and enforcement of security best practices in IaaS and PaaS
  • Solid understanding of securing connected systems by various means/controls (e.g., network-based controls, OS hardening and policy enforcement to minimize attack surface, control of inter-process communication/system control communication)
  • Proficiency in networking (OSI model, TCP/IP, routed protocols) and control of network-based exploits
  • Solid knowledge of protocols in use by host systems (HTTP, HTTPS, FTP, SMTP) and the implications of susceptibility to exploits
  • Understanding of user-based exploits and mitigation methods (e.g., phishing, web-hosted exploits)
  • Identity Governance and Administration
  • Mobile device security
  • Fluency in various security solutions and platforms and technology
  • Vulnerability and patch management, modern endpoint protection, SSO/MFA, Active Directory, PKI/Certificate management
  • Proficiency in the below platforms:
  • Network-based firewalls/UTM, IDPS, Proxy, SIEM, Access/Authorization/ Authentication.
  • Awareness of federal regulations applicable to life sciences/pharmaceutical (e.g., 21 CFR part 11)
  • Knowledge of accepted Cybersecurity standards and frameworks- CIS CSC, NIST CSF, etc.
  • Working knowledge of risk assessment and management methodologies
  • Strong awareness of the cyber threat landscape and eagerness to stay abreast of emerging threats
  • Proven communication skills: ability to communicate with security practitioners, non-security technical peers, management, and business users
  • Able to deliver projects and improvements in time and on budget with limited supervision

Supervisory responsibilities:
  • This role will assist their manager in managing the off-shore resources by providing L3 level support of security platforms and processes.

Summary of Work:
  • This role will be very hands-on with operations & engineering, problem solving, analysis, etc. Need expert level candidate who can think strategically.
  • Will have to make sure that third-party Security provider is following process and procedures.

About Us:AgreeYa is a global systems integrator delivering competitive advantage for its customers through software, solutions, and services. Established in 1999, AgreeYa is headquartered in Folsom, California, with a global footprint and a team of more than 1,850 staff across offices. AgreeYa works with 500+ organizations ranging from Fortune 100 firms to small and large businesses across industries such as Telecom, Banking, Financial Services & Insurance, Healthcare, Utility & Energy, Technology, Public sector, Pharma & Biotech, and others. Please visit us at www.agreeya.com for more information.AgreeYa is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, gender identity, sexual orientation, national origin, disability, veteran status or other protected characteristics. Visit our website to learn about our Career & Culture.

Vacancy expired!

Subscribe Report job