Information Security Engineer

Victory Capital

San Antonio, TX; Cleveland, OH

About Victory Capital:

Victory Capital is a diversified global asset management firm. The Company operates a next-generation business model combining boutique investment qualities with the benefits of a fully integrated, centralized operating and distribution platform.

Victory Capital provides specialized investment strategies to institutions, intermediaries, retirement platforms and individual investors. With 12 autonomous Investment Franchises and a Solutions Platform, Victory Capital offers a wide array of investment products, including mutual funds, ETFs, separately managed accounts, alternative investments, third-party ETF model strategies, collective investment trusts, private funds, and a 529 Education Savings Plan.

General Summary and Purpose:

As the Information Security Engineer, you will build the information security systems and technical security controls to protect the integrity and availability of the organizations information systems and data. The Information Security Engineer will be responsible researching, recommending, and implementing changes to enhance information systems security and monitoring capabilities. You will partner with the organizations Managed Security Services Provider (MSSP) to manage computer networks, both on-premises and in the cloud. You will review daily, weekly, and monthly security reports and provide actionable intelligence. You will lead the organizations Vulnerability Management program through tactical guidance and detailed coordination with the MSSP. You will identify and investigate anomalies and produce status reports reflecting the current state of security within the company. You will conduct security assessments through vulnerability testing and risk analysis, as well as, perform security audits and partner with different departments to establish new IT control objectives.

You will use your technical knowledge and specialized skills to learn new security solutions and serve as Subject Matter Expert (SME) while supporting a broad range of technology solutions, services, and infrastructure from a security perspective. Daily activities include implementing and operating new technical solutions, leading Vulnerability Management and Incident Response, and consulting with teams to develop and test new controls. Additional responsibilities include leading incident response activities, including steps to minimize the impact, build resiliency, and conduct technical investigations into security incidents. You will partner with other IT personnel to help with technical support of security related issues and remediate incidents. You will participate in various cyber security projects as a team member and lead certain efforts such as penetration testing engagements.

You will report to the Chief Information Security Officer.

You Will:

• Analyze business trends and behavioral data to identify opportunities for improvements, new projects, and best fit security architectures
• Implement new security solutions, and product platforms to provide cost-effective solutions that meet business and technology requirements.
• Be an expert for certain security products solutions and platforms.
• Lead the organizations Vulnerability Management program through tactical guidance, detailed coordination, published project plans, monitoring and support.
• Maintain a knowledge of best practice security frameworks, industry-recognized information technology control standards, and other industry resources and work with teams to develop control objectives accordingly.
• Perform security compliance assessments on processes and technology.
• Partner with organizations MSSP to ensure controls are adequate, appropriate and effective.
• Participate in our security audit and compliance testing efforts.
• Lead Incident Response activities, oversee security incident investigations, conduct root cause analysis, debugging, support, and post-mortem analysis for security incidents, service interruptions, or other complex problems to resolution.
• Own the escalation of security related issues and security monitoring tools, work with Tier 1 Service Desk, Tier 2 Tech Support, and Tier 3 engineers to address security service incidents and serve as technical contributor to provide guidance and help to teams struggling with system issues.

You Have:

• Bachelor's Degree in Computer Science, Computer Engineering, Information Systems, or other related discipline. Or, in lieu of degree, 6 or more years of work experience in IT Cyber Security.
• 5+ years of technical security experience with solid understanding of email security, packet capture and analysis, DNS, VPN, DDos, IPS/IDS, NAC, Encryption, etc.
• 5+ years of experience with Security Operations such as data protection, network security, application security, endpoint security, log management, vulnerability management, and incident response.
• 5+ years of related experience working with risk management frameworks such as NIST CSF, FFIEC, CIS, ISO27001, financial services industry specific regulations and other various privacy regulations.
• Must hold or working toward the following: CISSP, CRISC, CISA, CCSK or similar industry recognized certifications.
• Experience providing recommendations, implementing, and administering new security tools.

Preferred experience:

• Experience with Sarbanes Oxley (SOX).
• Experience with financial industry technology.
• Domain expertise in Identity Access Management (IAM), Data Security, Security Incident and Event Management (SIEM), Application Security, and Cloud Security.
• Experience working with offshore outsourced service providers.

Our Benefits:

Victory Capital Management offers great Medical, Dental, Vision plans, Flexible PTO, Family Medical and Disability Leaves, and a 401k plan with a generous employer match.

We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender, gender identity or expression, or veteran status. We are proud to be an equal opportunity workplace.