Sr. Security Engineer

Company: Quality Custom Distribution
Location: Irvine
Posted on: June 7, 2021

Job Description:

Overview

The Senior Security Engineer - is accountable for ensuring the security of all GSF' internal IT assets including data center, network systems, cloud services, applications. Performs IT security assessments utilizing established IT risk assessment framework and best practices. Conducts IT risk assessments to identify appropriate oversight tier and relevant IT controls. Develops approach to assess IT security/controls based on risk assessments and executes IT security reviews of 3rd party suppliers. Prepares final report detailing assessment of the IT security/control environment and any control deficiencies. Engages business to remediate control deficiencies.

Responsibilities

(% of time may vary depending on assignments/projects)

1. Security Operations

• Manages all major security incidents to ensure appropriate actions are being taken and that communication is maintained throughout the incident.
• Accountable for the measurement, tracking and improvement of Service Levels for Security operations.
• Develop and implement a service improvement roadmap as part of an ongoing program of improvement
• Drive resolution and make critical decisions if impending issues threaten to jeopardize the team's ability to meet Service Levels.
• Plan, implement and monitor day-to-day operations to ensure established objectives and responsibilities are met or exceeded.
• Evaluate applications for appropriate and effective use of security controls using tools and techniques such as source code analysis, vulnerability scanners, and manual testing techniques
• Research next generation security issues, 0-day attacks and vulnerabilities. Define remediation plans.
• Manage or perform network penetration testing and database vulnerability assessments.
• Provide oversight and consulting on web and mobile applications security matters to Application development, Data Center and Network Operations teams.
• Use cutting edge network security technologies to provide identity, device security posture and differentiated network access to our employees and external parties
• Develop, review and approve network security designs and architectures
• Influence and drive the advancement of GSF's Mobility, Cloud Service, Trusted Device, Network and Data Center Virtualization strategies
• Deliver solution proposals to continuously improve the security posture of GSF IT Services, IT infrastructure, extranet and acquisitions
• Evaluate and test security architectures including third party technologies and services, and locally developed applications.
• Showcase and share security best practices with GSF internal users, external partners
• Remain cognizant of emerging security threats and industry best practices, advise the organization of potential risks and threat mitigation techniques
• Establish, evolve and enforce information security policies, standards and guidelines
• Document security solutions and operational methods and procedures
• Establish an enterprise security stance through policy, architecture and training processes.
• Identify, highlight and provide vulnerability remediation guidance to application design and development teams. Manage remediation of vulnerabilities through risk ranking and scoring.
• Track open issues and follow up with different teams to address the open issues.
• Assist with strategic initiatives around future security infrastructure and tools - such as advanced threat protection, data encryption and key management, incident response.
• Help design cloud security strategy and processes.
• Serve as a technical expert for enterprise security operations, analyze threat intelligence.
• Act as a key member of Incident Response team
• Interface with internal and external management in problem-solving and recommending technical alternatives and appropriate actions.
• Evaluate and select appropriate security solutions, and oversee of any vulnerability audits and assessments.
• Leads the operation of related compliance monitoring and improvement activities to ensure compliance both with internal security policies etc. and applicable laws and regulations
• Responsible for protecting the organization's computers, networks and data against threats, such as security breaches, computer viruses or attacks by cyber-criminals

65%

2. Technology & Services Selection

• Perform comparative analysis between competing technology solutions and services.
• Make sound technology acquisition and service model recommendations.
• Consult with vendors in the acquisition of new technology and services.
• Work with IT Operations to negotiate most effective pricing for the enterprise.

10%

3. Technology Project Support

• Evaluate current systems in area of specialty to identify areas for improvement or new direction and provide as input into future systems strategies.
• Evaluate new technologies in area of specialty and provide input into future systems strategies.
• Work closely with IT staff to clearly define issues and/or requirements that result in modifications to any of the systems, hardware or OS in area of specialty.
• Provide expert advice, training and project management and technical support for various projects in area of specialty.

25%

4. Additional Responsibilities

• Accountable for properly following all IT standards, processes and methodologies as applicable including but not limited to Quality Assurance (QA), Project Management Life Cycle (PMLC) and Software Delivery Life Cycle (SDLC).
• Other responsibilities and accountabilities may be assigned based on business and organization needs.

Varied

TRAVEL EXPECTATIONS

• Minimal travel requirements (<10%)

MANAGEMENT RESPONSIBILITY

• None

Qualifications

Education/Certification

• Bachelor's degree in computer science or information systems from an accredited college or university or commensurate work experience.

Experience

• 7+ years' work experience in IT security operations
• Experience with ISO 27001
• Security certifications is highly desired
• Information security management qualifications such as CISSP or CISM
• Experience deploying, operating and maintaining Enterprise IT Security programs and controls
• Database security controls, including access control, auditing, and configuration best practices
• Application security controls and awareness of top security considerations for application development in the Software Development Lifecycle
• Network security controls; including Intrusion Detection, log aggregation, Firewalls, etc.
• Identity & Access management with Active Directory
• Risk management including vulnerability assessment, control assessment, likelihood determination and risk prioritization
• Privacy and data protection techniques and associated tools

ESSENTIAL KNOWLEDGE, SKILLS AND ABILITIES

Refer to separate handout for Competency definitions (B/basic; P/proficient; E/expert):

Technical

Expert

• Application Integration and Compliance
• Disaster recovery
• Client/Server Systems
• Data Transport
• High Availability
• Information Security
• Infrastructure Technology
• Network, Routers, Switches, Firewalls
• Identity and access management
• Risk Management
• Network Security
• Vulnerability assessment

Proficient

• General Office Applications
• Packaged Software
• Windows Administration
• Microsoft Project
• SOA Strategy
• BASH
• Power Shell
• Exabeam

Basic

• Automated Testing Tools
• ITIL Incident Management
• Code Management
• Enterprise Date Modeling
• EnterpriseOne CNC Concepts
• RDB Database Administration
• Remote Assistance Tools
• Programming Languages
• User Interface Design

Business

Expert

• ITIL
• Release Management
• Governance, Risk and Compliance Management
• Business Alignment
• Configuration management

Proficient

• Technical Writing
• Test Plans
• Business Acumen
• Innovative Solution Development
• Project Management Methodology (PMM)

Basic

• Quality Assurance & Controls
• Requirements Definition
• Service Level Management
• Systems Delivery Life Cycle (SDLC

CORE COMPETENCIES

The following universal core competencies apply to every job at Golden State Foods. Performance expectations are based on the specific job and grade level.

RESOURCE MANAGEMENT

Uses available resources (time, people, materials financial) effective to achieve lowest cost/best value and established performance standards.

BUSINESS KNOWLEDGE/TECHNICAL CAPABLITY

Possess and uses expertise and knowledge to make sound decisions and to implement solutions that support GSF's strategic goals. Possess and utilizes required technical capabilities to effectively perform all position responsibilities.

INTERACTIONS WITH OTHERS

Treats others with dignity and respect in accordance with Values and Creed. Works cooperatively and maintains effective work relationships with supervisors, peers and direct reports.

COMMUNICATION

Uses clear, concise and effective written and verbal communication with associates, customers and others. Uses effective listening skills.

SELF-MANAGEMENT

Identifies and takes proper action within the framework of the position. Plans, organizes and conducts work according to GSF's standards and in a manner consistent with GSF policies and values. Exercises sound judgment, decision-making and required initiative. Is flexible and demonstrates a willingness to change.

QUALITY AND QUANTITY

Produce accurate and timely work results. Is accurate and thorough and uses work time productively and efficiently. Results meet needs of internal and/or external customers.

Keywords: Quality Custom Distribution, Irvine , Sr. Security Engineer, Other , Irvine, California