Description:
KP Information Security - Malicious Code Defense is seeking a security engineer with proven experience in applying defensive security tools and methods to detect and prevent malware attacks on corporate systems and to meet regulatory compliance specifications on endpoints and messaging servers. The ideal candidate will have a proven information security background in anti-virus, whitelisting, and intrusion prevention technologies and applying these mitigating solutions in a very large scale corporate environment. This highly motivated individual will use risk-based and PCI, HIPAA, and SOX regulatory compliance requirements to develop and implement security controls and monitoring solutions on workstations and servers running Windows or UNIX.
Job Role:
The Information Security Engineer will use business initiatives, risk exposure, and regulatory requirements to identify areas of need and develop mitigating security solutions. The Engineer will use state of the art security tools and collaboration with peers, system owners, vendors and business partners in defining strategies and designing system and data protections. The Engineer will be responsible for driving successful implementation of their solutions to a National network of endpoints. Additionally this engineer will oversee anti-virus protection on email messaging servers. As a subject matter expert, the candidate should be able to articulate information security requirements, risks, and solutions in business language as the development and implementation of these technologies will involve working directly with project personnel, business application owners and management teams. A thorough understanding of Windows and UNIX operating systems, system hardening, industry standard security applications, exploit methods, and common vulnerabilities and exposures is required. Working knowledge of PCI, HIPAA, and SOX regulations is expected. Excellent written and communication skills in both technical and business terms is required.
Deliverables:
Take ownership of liason role to PCI Compliance and SOX File Integrity Monitoring
Evaluate and transform risk exposure and evolving regulatory specifications into technical mitigation solutions that meet PCI, SOX, or HIPAA compliance
Develop project plans to accelerate integration and implementation of technical security controls such as application control, file integrity monitoring and intrusion prevention onto a wide variety of platforms and architectures to meet regulatory and risk mitigation requirements
Execute delivery plans with supporting departments, subcontractors and business partners
Perform second and third level problem determination and resolution
Working with PCI and Malware Security personnel, design and implement automation solutions for maintaining and reporting on steady-state compliance. Specifically:
Bring to completion 'Automated PCI Compliance Provisioning'
Define and deliver UNIX PCI compliance solutions
Define and implement end-to-end process integration for managing vulnerability mitigation and patching
Oversee and ensure email anti-virus scanning upgrade
Oversee and ensure complete migration of email anti-virus scanning to a new vendor solution
Develop PCI compliance benchmark reporting to reduce costs and ensure validation of compliance
Work with subcontractors to develop steady-state monitoring and maintenanace processes to maintain compliance
Partner with key business stakeholders to improve the overall quality of technical solutions.
Responsible for the integrity of the solution and maintenance processes for ensuring optimal performance
Participate monthly in one week of 7x24 on-call support rotation
Qualifications:
Basic Qualifications:
- Bachelor's degree in a related field and/or a minimum of 4 years of equivalent experience.
- A minimum of 10 years of experience in solutions consulting including defining requirements, developing solution alternatives and estimates and translating client's business requirements into specific systems, applications or process designs for large complex IT solutions.
Preferred Qualifications:
-5 or more years of experience in Information Security or Information Technology including 2 years in a project lead role
-Excellent written and verbal communication skills, including a strong ability to conceptualize and document complex systems for non-technical audiences
-Strong technology troubleshooting and problem-solving skills
-Passionate about improving business processes by leveraging technology and automation
-Knowledge of Regulatory Governance affecting information handling and protection (Sarbanes-Oxley, Health Information Portability and Accountability Act, Payment Card Industry Data Security Standard)
-Hands on experience with Windows, Red Hat Linux, and/or AIX operating systems
-Successful track record implementing very large complex projects in a corporate environment
-Thorough understanding of Intrusion Prevention, Application Control, File Integrity Monitoring, and Anti-Virus technologies
-Demonstrated knowledge in all Information Security domains
-Possess current Information Security certification (e.g. CCIE, CISA, CISSP, GIAC)
External hires must pass a background check/drug screen.
We are proud to be an equal opportunity/affirmative action employer.