Five (5) years of information security and/or network security experience.
Familiarity with regulatory and legal security standards and requirements, such as Sarbanes-Oxley, HIPAA, and NIST Network, operating systems, database, and application security concepts, methodologies and technologies.
A proven record in infrastructure, networked systems and/or support systems security assessment, vulnerability identification, mitigation, and prevention.
Security Clearance Requirements:
Must be able to obtain and maintain a Department of Defense (DoD) Top Secret clearance.
Due to U.S. Government regulations, this job is only open to U.S. Citizens.
Candidate must hold and maintain at least one of the following professional certifications: CISSP, SANS GIAC, CCNA Security, CCSP, CCIE Security, or applicable technical certifications.
The qualified candidate’s primary responsibility will be to design, develop, and implement enterprise network security strategies. This position is additionally responsible for monitoring and verifying that the network is appropriately protected from internal and external threats, while enabling the organization to work effectively and productively. The position evaluates the risk versus the business value to mitigate and make appropriate recommendations for the business. It also works with multiple groups to remediate vulnerabilities. The position will evaluate relevant systems and networks for security vulnerabilities. The engineer will take these results and validate the risk to the network and calculate the potential effects a denial or manipulation effect would have on a given network.
Position Essential Functions:
· Configure, deploy, fine-tune, and monitor firewalls, proxies, security information, and event management systems, intrusion detection systems, vulnerability scanners, multi-factor/strong authentication technologies, and logging servers.
· Conduct information security risk assessments and risk management services, providing security risk evaluation mitigation and solutions to projects and initiatives.
· Define global security policies, standards, guidelines, and procedures to ensure ongoing maintenance of security.
· Provide in-depth support for information security incidents including internal violations, hacker attacks, viruses, and system outages. Assist with the investigation of security breaches, policy violations, and other security incidents.
· Serve as the information security subject matter expert by providing guidance and consulting services to IT research teams and business units on matters related to security.
Position Additional Functions:
· Perform or review security incident investigations understanding power plants, public works, and national, state, and local infrastructure.
· Assist in developing responses to internal and external audits, penetration tests, and vulnerability assessments.
· Direct technical system analysis on the networks associated with the customer.
· Analyze data streams at all data layers.
· Research emerging technologies in support of security enhancement and development efforts.
· Validate and verify system security requirement and analysis.
· Manage the development, implementation and training of Standard Operating Procedures.
Normal demands associated with an office environment. Ability to work on computer for long periods, and communicate with individuals by telephone, email and face to face. The position requires some light physical effort. This would require the ability to lift or move objects up to ten pounds and occasionally lift or move objects up to 25 pounds.
Less than 10 percent travel anticipated.
STC is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability status, protected veteran status, or any other characteristic protected by law.