The primary role of the Security Engineer is to design, administer and maintain the Information Security controls for the Bank’s infrastructure. This role also provides Incident Response capabilities as needed. The Security Engineer works with the team and vendors to design, install, update and maintain Information Security systems and applications to ensure the optimal function of the Information Security Infrastructure.
Independently design, develop, test, and implement effective security solutions.
Proactively evaluate and recommend new security technologies that can enhance company security.
Install, configure, and troubleshoot new Information Security systems and applications.
Support Incident Response and investigation activities as required by management.
Participate in team discussions to formulate new or enhance existing security policies, processes, and standards.
Respond to internal and external system alerts from Information Security systems and applications.
Support audit functions as directed and outlined by management.
Conduct compliance assessments of PWB technologies against industry best practices and provide recommendations.
Monitor & recommend improvements of the effectiveness of internal security systems including anti-virus, event log collection and correlation, network access control, web and email filtering systems, and IDS\IPS components.
Monitor & recommend improvements of firewall and perimeter IDS\IPS rules and configuration. Respond to security breaches and network emergencies as necessary.
Minimum 5 years of security related experience in a corporate network environment.
At least one of the following certifications is required: CISSP, GSEC, GSED, CCNA Security+, CCNA, SSCP, or MCSE.
Strong, hands-on technical knowledge of network and PC operating systems, including Windows Server, Windows Workstation and Cisco IOS and Firewalls.
Strong, hands-on technical knowledge of anti-virus and patch management systems, solutions and best practices
Experience working in an audited and regulated industry.
Strong understanding and experience with LAN & WAN technologies including design and implementation.
Strong understanding of Internet standards and protocols including TCP\IP.
Strong understanding of data privacy practices and law