Job Description

How will your role impact First Command?

An Information Security Engineer II leads as well as assists in safeguarding our organization's computer networks and systems. They aid in the planning and execution of security measures to monitor and protect sensitive data and systems from infiltration and cyber-attacks.

What will you be doing?

• Performs vulnerability scanning and penetration testing on internal and external systems
• Facilitates, tracks, and drives remediation of issued identified by vulnerability and penetration testing
• Maintains documentation for all aspects of the vulnerability management program, including but not limited to results, schedules, SLAs, and ticketing
• Assists in reviewing and improving on all annual security training initiatives
• Coordinates, facilitates, and maintains the schedule for access reviews
• Monitor areas of responsibility to prevent, detect, and investigate security alerts
• Experience with managing, searching, aggregating, and correlating log management and Security Information and Event Management (SIEM)
• Work cooperatively with the Enterprise Architecture team for the development of appropriate security standards and guidelines
• Provide security guidance and troubleshooting security issues as required
• Manage and improve information security documentation as required
• Deliver appropriate and accurate metrics to management
• Perform trend analysis
• Participates as a key member of the Security Incident Response Team (SIRT)
• Effectively plans and manages information protection initiatives and projects to ensure that objectives and schedules are met
• Stay up to date on new information technologies and apply those innovations in the company's security standards and best practices
• Collaborate with team members as well as other business functions, business partners, management, vendors, and external parties for information gathering and best practice recommendations
• Conduct and report on vendor reviews
• Work with CISO and Senior Information Security Engineer to design and implement multilevel security strategies to protect networks and data resources
• Anticipate future problem areas by monitoring workflows and network traffic patterns
• Conducts security reviews, evaluations, risk assessments, and develops recommendations for improvements as appropriate
• Team specific and organization-wide knowledge sharing

What skills/qualifications do you need?

Education

• Bachelor's degree in computer science, Information Technology, or an Engineering related field, or equivalent experience

Work Experience

• Minimum 5 years' experience working in an IT Security capacity
• Experience with information security policy design
• Experience with vulnerability and penetration testing tools and techniques
• Experience with conducting, interpreting, and reporting on vulnerability and penetration tests
• Experience participating in security audits
• Experience with monitoring for security events, evaluating and responding where appropriate

Certifications

• Relevant Security certification(s) such as: CISSP, Microsoft Certified Systems Administrator: Security, CCSP, CCNA, and CCNP: Security

Knowledge, Skills and Abilities (all are required)

• Diligence in producing and maintaining documentation and evidence, especially for compliance activities
• Detailed knowledge of ISO, NIST, and other information security standards, laws, and regulations
• Possess strong analytical skills
• Must be a self-starter and comfortable with self-directed learning on industry risks and changes
• Must be able to perform risk analysis on projects and provide recommendation to mitigate risk
• Good oral and written communication skills
• Ability to speak confidently when dealing with internal constituents
• Identifying complex problems and reviewing related information to develop and evaluate options and implement solutions
• Build domain knowledge of our environment to understand long-term risk areas that will develop as the systems evolve
• Incorporate industry security standards into practical security operations, network operations, and application development practices
• Analyzes business impact and exposure, based on emerging security threats, vulnerabilities and risks

#LI-NC1