Sr. Information Security Engineer in Richmond, VA at Vaco

Date Posted: 5/17/2019

Job Description

**U.S. Citizens and those authorized to work in the U.S. are encouraged to apply. We are unable to sponsor at this time.**

This position is responsible for understanding the best practices and regulatory environment for IT security and privacy and how to implement them in practice. In addition, the candidate is responsible for verifying the current security posture and working with system owners to remediate vulnerabilities and ensure regulatory and policy compliance.

PRINCIPAL DUTIES AND RESPONSIBILITIES:

Security Requirements

  • Design and implement security measures for the protection of computer systems, networks and information.
    • Identify, define and communicate information security requirements
    • Prepare and document standard security procedures and processes as well as technology specific security baselines
    • Consult and advise system owners on the best methods for meeting information security requirements and remediating identified vulnerabilities
    • Define system policies for systems users

Security Administration

  • Perform network security administration
    • Configure and maintain security infrastructure devices including database maintenance tasks
    • Develop technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks
    • Lead response to security events and incidents as outlined in the UNOS Incident Response Guide. Maintain the Incident Response Guide
    • Define network systems security requirements and specifications
    • Lead the development and implementation of information security procedures
    • Evaluate network system design and configuration for security
    • Develop recommendations for systems security upgrades and improvements
    • Evaluate the impact of security configuration on system design and performance
    • Track metrics for evaluating success of information security processes
  • Perform application development related security administration
    • Work with development staff to define application security requirements
    • Define application security standards and policies for users and developers
    • Evaluate web application design for security compliance
    • Evaluate application servers for security compliance
    • Evaluate technology and usage trends for impact on security
    • Develop recommendations for systems security upgrades and improvements
  • Perform client security administration
    • Ensure that endpoint protection is current and active on all workstations and servers
    • Evaluate systems design and configuration for security
    • Monitor and report security problems
  • Perform network security audits, analyze results and make recommendations for remediation
  • Develop recommendations for system security upgrades and improvements
  • Develop and implement an organization-wide Security Awareness Program that includes:
    • General security awareness training and assessment required for all UNOS employees and contractors per Corporate Security Policy
    • Significant User training for employees with a higher level of security responsibility or elevated privileges
    • Periodic optional training and information for all staff on relevant topics
  • Mentor junior staff and offer guidance on information security practices and processes
  • Assist with maintaining the information security roadmap
  • Manage medium to large information security projects
  • Assist with government compliance reporting

Manage IT and security policies and standards

  • Define security and access requirements
  • Keep current with industry best practices and standards
  • Develop areas of information management and security that require the establishment of policies and standards in the organization
  • Assess currency and efficiency of IT security policies and standards and make recommendations for improvement
  • Make recommendations for policies and standards to meet new and changing requirements
  • Develop processes to disseminate and support compliance with policies and standards

Education:

  • Bachelor's Degree in Computer Science/Engineering or equivalent experience (see specifics for experience below).

Experience:

  • At least 5 years of technical experience working in the Information Security field and at least 10 years of experience in the information technology field
  • Experience leading multiple large projects, leading definition, selection and implementation of security tools, technologies and processes
  • Hands-on experience implementing and administering information security, infrastructure and software systems.
  • Experience evaluating potential solutions, selecting and recommending the best solution
  • Experience producing design documents that are used by others to effectively implement solutions
  • Experience designing and implementing security technologies, such as IDS/IPS, SIEM, access controls, encryption and forensic tools.

Skills:

  • Ability to analyze systems based on business and technical user stories/requirements in order to design solutions that best meet the overall objectives of stakeholders
  • Ability to strategically analyze and articulate risks, benefits and opportunities associated with a proposed design or solution.
  • Demonstrated ability to design and implement complex infrastructure, applications, networks and systems with the goal of meeting business and security objectives
  • Demonstrated ability to design modifications to existing systems that improve security without compromising business objectives
  • Ability to design complex information security systems that impact multiple domains across Service Operations and Software Engineering
  • Ability to review and mentor the work of others in evaluating business objectives, detailing security user stories and generating technical specifications
  • Champion information security throughout the organization
  • Ability to estimate total costs of proposed solutions, including effort, acquisition costs and on-going costs