Senior Information Security Engineer

US-CO-Denver
Req No.: 2017-1399
Type: Regular Full-Time

Overview

Four Winds Interactive is seeking a Sr. Information Security Engineer to join its security team. The Senior Information Security Engineer will assist the Sr. Director of Security and IT in building out Four Winds Interactive’s security program to target ISO 27001/2 compliance and the pursuit of FedRAMP (Moderate) certification. This position participates in the identification, tracking, and monitoring of information security threats and service operations, and uses established processes and tools to focus on incident response, threat identification, analyses, and remediation.

The Senior Information Security Engineer will support the processes for technical and physical risk management to protect Four Winds Interactive’s information assets. This position assists in the creation, development, and maintenance of business continuity planning, data, systems, and network security for systems and controls related to their job duties.

The Senior Information Security Engineer will report to the Sr. Director of Security and IT; this is not a management position.

All applicants must be authorized to work in the United States.

Responsibilities

  • Creates and maintains a risk assessment program that includes all facets of the business.
  • Creates and maintains security plans for Four Winds Interactive’s visual communications platform and supporting infrastructure and business processes.
  • Owns client-based risk assessment responses.
  • Conducts internal information security audits.
  • Facilitates Four Winds Interactive’s secure software development lifecycle.
  • Assists with client questionnaires and contract reviews.
  • Creates hardening baselines for systems and infrastructure.
  • Assists the Sr. Director of Security and IT with the pursuit of ISO 27001/2 certification.
  • Assists the Sr. Director of Security and IT with the pursuit of FedRAMP (Moderate) certification.
  • Creates and distributes security manuals, documents and records. Maintains facility security requirements and implements procedures for safeguarding proprietary and customer furnished data.
  • Performs periodic and random security inspections and prepares security reports as necessary. Issues security violation citations as required by inspections.
  • Maintains inspection reports and records and advises senior management of deficiencies and remedial/disciplinary efforts to ameliorate deficiencies.
  • Prepares personnel actions and forms to request security clearance/special access and maintains records of such requests.
  • Briefs incoming staff on security processes and debriefs outgoing staff. Conducts security awareness training sessions with new staff, when applicable.
  • Establishes and maintains procedures on handling, safeguarding and destruction of documents and data in accordance with established processes and appropriate timelines.
  • Assists in the implementation and administration of automated security systems.
  • Maintains records for periodic secure systems inspections with customer liaisons and other technical professionals.
  • Coordinate scheduled disaster recovery and business continuity testing for all pertinent IT functions.
  • Perform periodic vulnerability scans on all IT systems to ensure continued compliance with industry standards and with requirements related to PCI security; evaluate security posture of the Company.
  • Perform periodic reviews of IT procedures and security of all systems in order to maintain integrity of company and customer data.
  • Document and perform verification of IT related changes in accordance with Company security policies and procedures.
  • Coordinate remediation of any findings and recommendations from internal and external audits and risk assessments.
  • Research and recommend hardware and software solutions to augment or enhance existing security measures as needed.
  • Work with all lines of business during major systems implementations and enhancements as required.
  • Coordinate the centralization of all IT related documentation and ensure updates to documentation are performed as required.
  • Investigate and report any security violations and incidents and ensure proper protection and corrective measures have been taken when an incident or vulnerability has been discovered.
  • Conduct scheduled reviews of key application security settings.
  • Mentor associate-level security personnel.
  • Other responsibilities, as required.

Qualifications

Education & Experience:

  • Bachelor’s degree in Computer Science, Information Systems, related field or equivalent experience.
  • One or more security-based certifications required such as CISSP, CRISC, CISA and/or ethical hacking certifications.
  • 5+ years’ experience in some form of information security discipline; specialization in information security risk assessments and frameworks preferred.
  • Experience with the NIST and ISO 27001/2 security frameworks required.
  • Experience with ISO and FedRAMP certifications a plus.
  • Experience participating in SOC-based independent audits a plus.

Required Knowledge, Skills and Abilities:

  • Specialization in risk frameworks and formulating a risk management program preferred.
  • Ability to facilitate a secure software development lifecycle that includes threat modeling and application vulnerability scanning.
  • A background in secure software engineering a plus.
  • Ability to clearly and confidently explain complex technical issues in simple and understandable terms.
  • Self-starter with strong written and oral communication skills.
  • The ability to work in an environment that presents tight timelines and high expectations.
  • Must be able to adapt quickly to ever-changing requirements and priorities.
  • IT experience and understanding of common devices, equipment, environments, network diagrams & systems.
  • Familiar with MS Office products/Visio.
  • Ability to effectively network, participate in and lead matrixed teams, and develop key working relationships.
  • Working knowledge of systems administration for Linux and Windows-based platforms.
  • Basic knowledge of database administration and SQL a plus.
  • Basic knowledge of Amazon AWS administration a plus.
