Job Description :
JOB TITLE: Security Engineer
Duration - 12mths plus
Location is Boston, MA
Hours – 40 hours per week
Position Summary:
Provide oversight, guidance and prioritization to the sub team in systems requirements planning, systems security architecture, and continuous monitoring. Support the Chief Information Security Office in security program management and security human capital management. Liaise with IT partners to establish and maintain daily working relationship.
License and/or Certification Requirements:
GSLC, CRISC, SSCP, CISSP, CISSP-ISSAP, CISSP-ISSEP, CEH, CompTIA Security + or equivalent certification preferred.
Job Duties:
Security Program Management
o Perform necessary due diligence activities to determine third-party vendor adherence with IT compliance requirements.
o Serve as InfoSec Lead for initial detection, analysis, and investigation of security events to determine likelihood of compromise and respond according to Executive Information Security Incident Response processes.
o Advise the CISO by identifying critical security issues; recommending risk-reduction solutions.
o Communicate with customers to determine when InfoSec support is needed.
o Integrate and share information with other analysts and other teams.
Security Human Capital Management
o Manage, mentor and implement professional development plans for direct reports, working closely with Human Resources.
o Assist in the management of a workforce by ensuring the fair and consistent application and strict adherence to the rules, regulations, collective bargaining agreements (if applicable) and policies of the Authority including the EEO, Anti-Discrimination and Anti-Harassment and Anti-Retaliation policies.
Systems Requirements Planning
o Design and document security architecture guidelines and requirements.
o Maintain a current understanding of technology trends to participate in evaluation of potential technology improvements or shifts.
Systems Security Architecture
o Lead the development and improvement of architectural and security designs.
o Serve as a subject matter expert to executive leadership on a range of cybersecurity best practices, architectures, solutions and technologies.
o Provide cybersecurity architecture services to business partners to ensure the secure delivery of all technology.
o Ensure architectures, technologies and solutions align with and integrate regulatory requirements and industry best practices.
o Provide strategic and tactical cybersecurity guidance for technology projects.
o Attend Change Advisory Board and Architecture Review Board Meetings.
Continuous Monitoring
o Analyze the effectiveness of IT control activities and report on them, with actionable recommendations, to the CIO, the CISO and IT managers.
o Develop applications scanning and monitoring capabilities.
General
o Respond to each inquiry, whether from a customer, vendor or co-worker in a timely, courteous and professional manner.
o Stay abreast of information security issues and regulatory changes affecting transportation at the state and national level.
o Perform special projects and other duties as assigned.
Job Qualifications:
Bachelor’s degree in related technical or engineering field or supplemental professional experience. Relevant experience can be substituted for degree.
7+ years’ experience in an IT environment, with experience leading information assurance and security architecture teams, and managing and providing technical leadership for complex enterprise security projects.
Deep understanding of vulnerability assessment and validation processes.
Ability to analyze and determine the applicability of data, to draw conclusions and make appropriate recommendations.
Ability to assemble items of information in accordance with established procedures.
Ability to determine proper format and procedure for assembling items of information.
Additional IT experience as a programmer, system administrator or network engineer preferred.
Demonstrated ability to perform a risk-based approach to securing applications, databases, or infrastructure.
Demonstrated process orientation – the ability to build repeatable and reusable processes.
Excellent verbal and written communication skills.
Knowledge of the principles, practices and techniques of supervision.
Knowledge of the laws, rules, regulations, policies, procedures, specifications, standards and guidelines governing assigned unit activities.
Knowledge of SIEM technology (QRadar preferred
Knowledge of NAC technology (Forescout preferred
Knowledge of or experience with security architecture framework.
Knowledge on threat landscape, security threat and vulnerability management, as well as security monitoring and analytics.
Knowledge in compliance frameworks and requirements such as PCI, HIPAA, SOX, etc.