Job Description
Direct-hire role with a Greensboro, NC client. The position will be onsite for the first 30-90 days, then 3 days in office/2 days remote. If you do not live semi-locally, DO NOT APPLY.
The IT Security Engineer will be responsible for designing, implementing, and managing security measures to protect IT infrastructure and data. This role requires expertise in security best practices, threat analysis, and incident response.
- Design and implement security solutions to safeguard the organization’s IT infrastructure, applications, and data.
- Develop and maintain security policies, standards, and procedures to ensure compliance with industry best practices and regulatory requirements.
- Conduct risk and vulnerability assessments to identify and address potential security gaps.
- Monitor security systems and networks for signs of security breaches or suspicious activity.
- Respond to security incidents and breaches, performing detailed analysis and remediation to prevent recurrence.
- Investigate and report on security incidents, including coordination with external agencies if necessary.
- Proactively identify security problems, monitor performance trends, perform upgrades, and make recommendations regarding security hardware, software, processes, and procedures as required.
- Configure and manage security tools, such as firewalls, intrusion detection/prevention systems (IDS/IPS), antivirus software, and encryption solutions.
- Stay up to date with the latest security technologies and trends, recommending and implementing improvements to the existing security infrastructure.
- Conduct regular security testing, including penetration testing and vulnerability scanning.
- Ensure that security measures meet compliance requirements for relevant regulations and standards.
- Maintain detailed documentation of security configurations, procedures, and incident reports.
- Assist with audits and compliance reviews, providing evidence and explanations of security controls and practices.
- Collaborate very closely with IT and development teams to integrate security practices into the software development lifecycle and infrastructure.
- Play an advisory role in application and/or web development projects to assess security requirements and controls and to ensure that security controls are implemented as planned.
- Collaborate with external vendors and partners to enhance security measures and address potential threats.
- Develop security processes and procedures and support service-level agreements (SLAs) to ensure that security controls are managed and maintained.
- Promote user security awareness and manage the distribution of end user training.
- Provide guidance and support to other IT staff on security-related matters.
- Some occasional traveling may be required.
- Perform other duties and special projects as assigned.
What you need: (Requirements)
Minimum
- Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
- Minimum 5 years of experience in an IT Security role.
- Certifications REQUIRED in one or more of the following: Certified Information Systems Security Professional (CISSP), GIAC Certified Incident Handler (GCIH), GIAC Reverse Engineering Malware (GREM), GIAC Certified Forensic Analyst (GCFA), GIAC Network Forensics Analyst (GNFA), Offensive Security (OSCP/OSCE/etc.), or other relevant certifications.
- Strong knowledge of security protocols, encryption, and authentication mechanisms.
- Experience with security tools and technologies, including firewalls, IDS/IPS, and SIEM systems.
- Familiarity with operating systems (Windows, Linux) and network security concepts.
- Experience with threat analysis, incident response, and vulnerability management.
- Advanced problem solving and troubleshooting skills, with the ability to develop effective long-term solutions to complex problems.
- A solid understanding of endpoint/network defenses and security incident response.
- A deep understanding of the various technologies, services, and specifications that comprise an enterprise network.
- Must have excellent attention to detail and the ability to deliver within assigned timelines.
- Ability to set priorities and accomplish tasks with minimal supervision.
- Must be willing to support a 24 x 7 production environment (on-call rotation, or 24x7 on-call duties for administrators of systems/services).
- Ability to work independently and in a team environment.
- Excellent oral and written communication skills.
Preferred
- Experience with cloud security and technologies (AWS, Azure).
- Experience with DevSecOps practices and tools.
- Experience in conducting research and identifying methods to detect emerging cyber threats, attack methods, and evolving Tactics, Techniques, and Procedures (TTPs) with an emphasis on phishing and/or cybercrime.
- Experience with data analytic techniques, including machine learning, statistics and data mining to solve core business challenges.
- Working knowledge of a broad range of security technologies, including NextGen Firewalls, DLP, NAC, IDS/IPS, IdAM, Certificate Management, SIEM, Endpoint Protection, Anti-malware, and vulnerability management.
- Prior work experience implementing security standards and procedures.