Senior Engineer Information Security-Washington, DC - Georgia IT Inc.
Washington, DC
About the Job
Senior Engineer Information Security
Location : Washington, DC
Position : Contract
Rate : DOE
US Citizen, Green Card, TN, GC EAD and H4 EAD only No Third-party agencies corp to corp.
Qualifications:
Required Skills:
Responsibilities:
Location : Washington, DC
Position : Contract
Rate : DOE
US Citizen, Green Card, TN, GC EAD and H4 EAD only No Third-party agencies corp to corp.
Qualifications:
- Bachelor's degree or equivalent, relevant experience.
- 7+ years of hands-on information technology security experience.
- Must have current Certified Information Systems Security Professional (CISSP) certification or obtain it within one year of hire.
- Additional certifications such as GIAC (SANS) certifications, CEH, LPT, PCI-ISA, etc. are preferred. Documentation of successful completion of underlying coursework for such certifications may be considered.
- Special preference will be given to cloud security certifications, whether vendor-neutral (CCSK, CCSP) or vendor-specific (AWS Certified Solutions Architect).
- Experience with PCI, ISO, and SOX or analogous experience with regulatory compliance in other industries preferred.
- 5 + years of relevant work experience designing and implementing security controls and securing systems, applications, and infrastructure.
- 2 + years of relevant work experience - Vulnerability and penetration testing tools and techniques.
- 2 + years of relevant work experience - Malware protection and response.
- 2 + years of relevant work experience - IDS/IPS and security event/ log monitoring and correlation.
- 1 + years of relevant work experience -- Information security in the cloud.
- 1 + years of experience - Security program implementation.
- Working knowledge of ISO standards, PCI, OWASP Top 10.
- Experience with internet facing services and 24x7 environment.
- Experience with broadcast operations and/or telematics services is preferred.
Required Skills:
- CISSP, Cloud, ISO, Malware, Penetration Tester, Vulnerability Assessment
Responsibilities:
- Serves as information security subject matter expert for infrastructure, broadcast, connected vehicle services, streaming and systems and network security.
- Supports the information security program and performance of relevant information security engineering and security architecture development activities for the broadcast, connected vehicle services, streaming and infrastructure services of Sirius XM.
- Collaborates with business owners, product/systems engineers, and operational personnel to understand business priorities and goals, company culture, and processes to identify information security risks; works with teams to recommend and help implement solutions and/or mitigating controls.
- Provides technical design, documented guidelines and implementation support of security controls for servers, workstations, network devices, multi-function devices, mobile computing platforms, and applications.
- Advises on information security best practices and design standards as applied to cloud deployments.
- Serves as a technical security liaison with OEM clients and their respective security representatives as assigned.
- Actively tracks vulnerability findings and status of remediation, driving toward resolution.
- Validates the continued and proper placement, operation, and tuning of security instrumentation, including vulnerability scanners, intrusion detection sensors, DLP, security log monitoring/correlation tools, file integrity monitoring solutions, and other security relevant controls by monitoring the IT security operations groups and their activities.
- Conducts threat modeling for cloud and enterprise applications, systems and networks.
- Expedites neutralization of threats that pose immediate danger to the confidentiality, integrity, and availability of information assets.
- Evolves and adapts incident response and handling procedures commensurate with changing threat landscape and business needs.
- Provides routine status and metrics for information security to the Director, Security Technologies and Investigations.
- May perform daily and alert-based monitoring of information security events and initiate response procedures in accordance with established processes.
- May perform routine and ad-hoc information security vulnerability scanning and testing to identify risks to information assets; escalate and expedite resolution/mitigation of vulnerabilities deemed high/critical severity.
- Helps raise awareness of information security in the company and provide holistic guidance on information security.
- Develops and conducts Cloud security training for end users and operational units.
Source : Georgia IT Inc.
