Sr. Security Engineer
Company: Quality Custom Distribution
Posted on: June 7, 2021
The Senior Security Engineer is accountable for ensuring the
security of all GSF's internal IT assets including data center,
network systems, cloud services, applications. Performs IT security
assessments utilizing an established IT risk assessment framework and
best practices. Conducts IT risk assessments to identify
appropriate oversight tier and relevant IT controls. Develops
approach to assess IT security/controls based on risk assessments
and executes IT security reviews of 3rd party suppliers. Prepares
final report detailing assessment of the IT security/control
environment and any control deficiencies. Engages business to
remediate control deficiencies.
(% of time may vary depending on assignments/projects)
- Security Operations
- Manages all major security incidents to ensure appropriate
actions are being taken and that communication is maintained
throughout the incident.
- Accountable for the measurement, tracking and improvement of
Service Levels for Security operations.
- Develop and implement a service improvement roadmap as part of
an ongoing program of improvement
- Drive resolution and make critical decisions if impending
issues threaten to jeopardize the team's ability to meet Service
- Plan, implement and monitor day-to-day operations to ensure
established objectives and responsibilities are met or
- Evaluate applications for appropriate and effective use of
security controls using tools and techniques such as source code
analysis, vulnerability scanners, and manual testing
- Research next generation security issues, 0-day attacks and
vulnerabilities. Define remediation plans.
- Manage or perform network penetration testing and database
- Provide oversight and consulting on web and mobile applications
security matters to Application development, Data Center and
Network Operations teams.
- Use cutting edge network security technologies to provide
identity, device security posture and differentiated network access
to our employees and external parties
- Develop, review and approve network security designs and
- Influence and drive the advancement of GSF's Mobility, Cloud
Service, Trusted Device, Network and Data Center Virtualization
- Deliver solution proposals to continuously improve the security
posture of GSF IT Services, IT infrastructure, extranet and
- Evaluate and test security architectures including third party
technologies and services, and locally developed applications.
- Showcase and share security best practices with GSF internal
users, external partners
- Remain cognizant of emerging security threats and industry best
practices, advise the organization of potential risks and threat
- Establish, evolve and enforce information security policies,
standards and guidelines
- Document security solutions and operational methods and
- Establish an enterprise security stance through policy,
architecture and training processes.
- Identify, highlight and provide vulnerability remediation
guidance to application design and development teams. Manage
remediation of vulnerabilities through risk ranking and
- Track open issues and follow up with different teams to address
the open issues.
- Assist with strategic initiatives around future security
infrastructure and tools - such as advanced threat protection, data
encryption and key management, incident response.
- Help design cloud security strategy and processes.
- Serve as a technical expert for enterprise security operations,
analyze threat intelligence.
- Act as a key member of Incident Response team
- Interface with internal and external management in
problem-solving and recommending technical alternatives and
- Evaluate and select appropriate security solutions, and oversee
any vulnerability audits and assessments.
- Leads the operation of related compliance monitoring and
improvement activities to ensure compliance both with internal
security policies etc. and applicable laws and regulations
- Responsible for protecting the organization's computers,
networks and data against threats, such as security breaches,
computer viruses or attacks by cyber-criminals
- Technology & Services Selection
- Perform comparative analysis between competing technology
solutions and services.
- Make sound technology acquisition and service model
- Consult with vendors in the acquisition of new technology and
- Work with IT Operations to negotiate most effective pricing for
- Technology Project Support
- Evaluate current systems in area of specialty to identify areas
for improvement or new direction and provide as input into future
- Evaluate new technologies in area of specialty and provide
input into future systems strategies.
- Work closely with IT staff to clearly define issues and/or
requirements that result in modifications to any of the systems,
hardware or OS in area of specialty.
- Provide expert advice, training and project management and
technical support for various projects in area of specialty.
- Additional Responsibilities
- Accountable for properly following all IT standards, processes
and methodologies as applicable including but not limited to
Quality Assurance (QA), Project Management Life Cycle (PMLC) and
Software Delivery Life Cycle (SDLC).
- Other responsibilities and accountabilities may be assigned
based on business and organization needs.
- Minimal travel requirements (<10%)
- Bachelor's degree in computer science or information systems
from an accredited college or university or commensurate work
- 7+ years' work experience in IT security operations
- Experience with ISO 27001
- Security certifications are highly desired
- Information security management qualifications such as CISSP or
- Experience deploying, operating and maintaining Enterprise IT
Security programs and controls
- Database security controls, including access control, auditing,
and configuration best practices
- Application security controls and awareness of top security
considerations for application development in the Software
- Network security controls; including Intrusion Detection, log
aggregation, Firewalls, etc.
- Identity & Access management with Active Directory
- Risk management including vulnerability assessment, control
assessment, likelihood determination and risk prioritization
- Privacy and data protection techniques and associated
ESSENTIAL KNOWLEDGE, SKILLS AND ABILITIES
Refer to separate handout for Competency definitions (B/basic;
- Application Integration and Compliance
- Disaster recovery
- Client/Server Systems
- Data Transport
- High Availability
- Information Security
- Infrastructure Technology
- Network, Routers, Switches, Firewalls
- Identity and access management
- Risk Management
- Network Security
- Vulnerability assessment
- General Office Applications
- Packaged Software
- Windows Administration
- Microsoft Project
- SOA Strategy
- PowerShell
- Automated Testing Tools
- ITIL Incident Management
- Code Management
- Enterprise Data Modeling
- EnterpriseOne CNC Concepts
- RDB Database Administration
- Remote Assistance Tools
- Programming Languages
- User Interface Design
- Release Management
- Governance, Risk and Compliance Management
- Business Alignment
- Configuration management
- Technical Writing
- Test Plans
- Business Acumen
- Innovative Solution Development
- Project Management Methodology (PMM)
- Quality Assurance & Controls
- Requirements Definition
- Service Level Management
- Systems Delivery Life Cycle (SDLC)
The following universal core competencies apply to every job at
Golden State Foods. Performance expectations are based on the
specific job and grade level.
Uses available resources (time, people, materials, financial)
effectively to achieve lowest cost/best value and established
BUSINESS KNOWLEDGE/TECHNICAL CAPABILITY
Possesses and uses expertise and knowledge to make sound decisions
and to implement solutions that support GSF's strategic goals.
Possesses and utilizes required technical capabilities to effectively
perform all position responsibilities.
INTERACTIONS WITH OTHERS
Treats others with dignity and respect in accordance with Values
and Creed. Works cooperatively and maintains effective work
relationships with supervisors, peers and direct reports.
Uses clear, concise and effective written and verbal
communication with associates, customers and others. Uses effective
Identifies and takes proper action within the framework of the
position. Plans, organizes and conducts work according to GSF's
standards and in a manner consistent with GSF policies and values.
Exercises sound judgment, decision-making and required initiative.
Is flexible and demonstrates a willingness to change.
QUALITY AND QUANTITY
Produce accurate and timely work results. Is accurate and
thorough and uses work time productively and efficiently. Results
meet needs of internal and/or external customers.
Keywords: Quality Custom Distribution, Irvine, Sr. Security Engineer, Other, Irvine, California