Information Security Engineer
Location: Little Rock
General Purpose and Scope
Performs information security analysis and risk assessments, for both internal systems and external contractor based solutions containing confidential information, to identify any critical security issues that may present risk. Provide on an as needed basis evaluations of technology products, services and issues for risk determination. Collaborate with Business Units to mitigate identified risks and adhere to ATNI policies, standards, controls, guidelines, and procedures. Lead and facilitate security program projects and tasks.
Duties and Responsibilities
- Provides security and risk management services by performing risk identification, assessment, and remediation as well as regulatory and internal compliance monitoring using standards and processes as required to adequately protect personnel, facilities, infrastructure, information, and business operations.
- Plan, create, and implement security program documentation.
- Perform system risk assessments, evaluation of products, services assessments to address risk.
- Leads, facilitates security projects and tasks.
- Assist in the development of technical policies and procedures regarding LAN/WAN activities.
- Establish and maintain effective working relationships with end users, vendors, and managers.
- Identify and resolve hardware and software problems.
- Define user needs and recommend alternatives.
- Other duties as assigned.
Minimum Job Entry Requirements
- Bachelor’s degree and 1 year professional level experience; or 3 years professional level related experience; or an equivalent combination of education and professional level related experience
- Excellent writing, documentation, and communication skills.
- Excellent organizational and time management skills.
- Excellent analytical, troubleshooting, and problem solving skills.
- Knowledge of risk assessment methodologies and processes.
- Skill at creating and implement security program policies, standards, controls, procedures.
- Skill at assessing risks and form mitigation alternatives in defining remediation controls.
- Ability to independently identify, assess and document system security deficiencies and recommend solutions.
- Significant experience in supporting network firewalls (Cisco and Juniper) and proxy servers
- Understanding of network administration of Routers, Firewalls and Switching technology
- Deep knowledge of TCP/IP and related data network protocols: knowledge of standard network protocols like TCP, ARP, ICMP, DHCP, HTTP, SNMP etc., and advanced features like IPSEC and IPv6 related protocols and accompanying protocol analysis tools (Wireshark, TCPDump, etc.)
- Deep knowledge studying and analyzing converged network technologies
- Knowledge of security and risk frameworks including NIST, SANS, HITRUST, ISO, CoBIT.
- Working knowledge of Windows/Unix systems administration and security vulnerabilities
- Working knowledge of modern communications networks and protocols (MPLS, VPNs, etc.)
- Understanding of and the ability to perform penetration testing
- Concepts of Incident response, intrusion analysis, proactive defense a plus
- Knowledge of network technologies to include wireless and mobile platforms
- Knowledge of compliance requirements including PCI, SOX, and CPI
- Must be highly motivated and able to work effectively under minimal supervision in a fast-paced environment.
- Ability to work both independently and as a team member.
- Extensive understanding of Endpoint Security for PCs and Servers.
- Attention to detail.
- Ability to perform risk assessments and testing of data processing systems.
- Training staff on network and security processes and procedures.
- Experience in a Unix operating systems
- Experience in setting up and supporting VPNs
- Experience in scripting languages such as PowerShell and Perl
- Strong customer service and results focus.
- Ability to handle competing priorities.
- Experience with McAfee products (proxies, HIPS, ATD, SIEM)
- Certifications (i.e. CISSP, CISM, CISA, and ITIL) are highly desirable but not required. Certifications must be maintained throughout employment. Candidates without certifications will be required to obtain them.
- Recent graduates of security programs considered, if applicant has other relevant experience and demonstrates exceptional aptitude and initiative.
- Applicants selected for interview may be administered a practical skills exercise.