Job Description:
Sr. IT Security Engineer
Location - Nashville, TN
Direct hire

Our client is seeking an experienced, thorough, and detail-oriented IT professional to work as Sr. IT Security Engineer at their headquarters in the Nashville, TN area. The chosen candidate will be responsible for working with the IT Security management team to administer the organization’s IT security programs; maintain Sarbanes-Oxley, HIPAA, and PCI DSS compliance programs; and design, implement, and support a variety of security systems and applications. The ideal candidate will have experience leading a variety of projects while being responsible, both independently and as a team member, for recommending, designing, implementing, and administering pragmatic information security controls that meet dynamic tactical and strategic information security objectives.

Responsibilities
Designs, implements, administers, and supports multiple IT security platforms, systems, and applications.
Performs internal security risk assessments, security risk assessments of third-party business partners, and detailed security risk assessments of various technologies.
Maintains knowledge of current and emerging security, compliance, and technical developments. Identifies current and potential future vulnerabilities and collaborates with others to identify, recommend, and develop risk remediation plans, and to track remediation outcomes and timelines.
Supports defined organizational operating principles via effective, pragmatic information security controls. Analyzes, defines, implements, and administers efficient business processes related to information security programs.
Works with IT security management team to administer, maintain, and continuously improve SOX, HIPAA, PCI DSS, and internal controls compliance programs, investigate known or suspected security incidents, support internal and external audits, and assist in the development and implementation of audit response Management Action Plans.
Uses project management best practices to initiate, manage, and close projects, often several simultaneously. Creates and maintains documents related to projects and information security.
Mentors and cross-trains department team members; leads meetings; builds and maintains strong partnerships with multiple departments; coordinates with vendor/support teams.
Promotes security best practices via awareness, example, and compliance with policies and regulatory requirements.
Is familiar with, and able to apply, time-proven, generally accepted information security methodologies, concepts, and techniques.

Qualifications
Bachelor’s Degree in Information Systems, Computer Science, or a related technical discipline, or equivalent experience in IT security, is required. CISSP, CISA, or CISM certification is preferred.
7 - 10 years of IT security generalist experience (broad and deep in data, application, system, and network security domains) with complex technical initiatives is required.
Hands-on SME/lead experience with design, implementation, and administration of next-generation firewalls, endpoint security information and SIEM, VPN, DLP, PUM or GRC.
Experience identifying and addressing security risks associated with host and network operating systems; enterprise services (e.g. directory services, email, content management and collaboration, web publishing, database, network routing and switching, and virtualization); client-server, thin-client, and web-based applications; enterprise applications (e.g. ERP); cloud services and storage platforms.
Experience with next-gen firewalls, preferably Palo Alto Networks, is strongly preferred.
Experience configuring and responding to security platform alerts (IDS, IPS, A/V, SIEM, DLP, etc.)
Experience identifying and addressing security risk is required.
Strong understanding of current and developing security technologies and trends is required.
Strong understanding of pragmatic implementation of information security controls, holistic defense-in-depth strategies, and protocols used to interconnect networks and publish application resources.
Strong understanding of PCI, HIPAA, and SOX regulatory requirements is required.
Development/analysis proficiency in one or more scripting languages is required.
Ability to occasionally work non-standard shifts in an on-call capacity is required.
Up to 10% Regional/Domestic travel is required.
Excellent decision-making and problem-solving skills are required.
Excellent communication skills (i.e., verbal, written, presentation, and interpersonal) are required.