Information Security Engineer - #1405033

This job was posted by https://www.arjoblink.arkansas.gov : For more

information, please see: https://www.arjoblink.arkansas.gov/jobs/4452593

The Information Security Engineer is responsible for supporting

applications used by Information Security including automation, security

Architecture, And Other Critical Functions.

ESSENTIAL DUTIES AND RESPONSIBILITIES

1\. Manage the applications & infrastructure specific to the Information

Security teams, and ensure functionality & uptime meets operational

needs.

2\. Assist in designing and implementing an automation strategy for

Information Security, including the selection and maintenance of

automation platforms.

3\. Execute the vulnerability management program, determining

criticality of patches & working with Information Security Governance

team to monitor compliance.

4\. Manage Discovery and Data Loss Prevention security analytics

platform and partner with stakeholders to develop the strategy for this

environment to support future needs.

5\. Ensure security tools are updated to reflect a complete, accurate

and valid inventory of all systems, infrastructure and applications.

6\. Conducts vulnerability assessments and other security reviews of

systems to ensure remediation based on the risk profile of the asset.

7\. Reviews and recommends improvements to company security posture

leveraging concepts such as network segmentation, resilient

authentication, least privileged access, privacy by design, etc.

8\. Develop and maintain security architecture artifacts (models,

templates, standards and procedures) that can be used to leverage

security capabilities in projects and operations.

9\. Participate in application and infrastructure projects to provide

security planning advice.

10\. Determine baseline security configuration standards for operating

systems (e.g., operating system hardening), network segmentation, and

other technologies.

11\. Develop standards and practices for data protection within the

company, including technologies such as encryption and tokenization.

12\. Track developments and changes in the technology and threat

environments to ensure that these are adequately addressed in security

strategy plans and architecture artifacts.

13\. Advocate security best practices & share insights with stakeholders

in a variety of areas (secure coding, architecture, system/app

administration, system hardening, etc.) and recommend changes to enhance

security & reduce risk..

14\. Participate in the Vendor Due Diligence process as needed to

conduct security assessments of existing and prospective vendors.

15\. Assists in e-discovery procedures when necessary.

16\. Provide support and guidance for legal and regulatory compliance

efforts, including audit support.

17\. Assist in defining metrics and reporting that effectively

communicate performance & maturity of the security program.

18\. Assist Information Security leadership in developing strategy and

roadmaps for Security team.

19\. Complete required BSA/AML training and other compliance training as

assigned.

20\. The ability to work in a constant state of alertness and in a safe

manner.

• Perform any other related duties as required or assigned.
  
  

**QUALIFICATIONS**

To perform this job successfully, an individual must be able to perform

Each Essential Duty Mentioned Satisfactorily. The Requirements Listed

below are representative of the knowledge, skill, and/or ability

required.

**EDUCATION AND EXPERIENCE**

Technical degree required in such disciplines as Computer Engineering,

CPA, etc., plus 6 years related experience and/or training, and 2 years

related management experience, or equivalent combination of education

and experience.

**COMMUNICATION SKILLS**

Ability to read a limited number of words and recognize similarities and

differences between words and between series of numbers; ability to

write and speak s mple sentences as a means for basic communication.

Ability to read and understand simple instructions, short

correspondence, notes, letters and memos; ability to write simple

correspondence. Ability to read and understand documents such as policy

manuals, safety rules, operating and maintenance instructions, and

procedure manuals; ability to write routine reports and correspondence.

ability to effectively communicate information and respond to questions

in person-to-person and small group situations with customers, clients,

general public and other employees of the organization. Ability to read,

analyze, and understand general business/company related articles and

professional journals; ability to speak effectively before groups of

customers or employees. ability to write reports, business

correspondence, and policy/procedure manuals; ability to effectively

present information and respond to questions from groups of managers,

clients, c