Sr. Information Security Engineer (3824)

Company Name:
Veracity Consulting, Inc.

3824-1 - Information Security Engineer - 3 Month Contract to Hire Converting Between 85-105K DOE.

3 Month Contract to Hire - Converting between 85-105K DOE Level
10990 Roe Avenue, Overland Park, KS 66211
Sr. Information Security Engineer

Information Security Engineer II - Converting 85-100K
Information Security Engineer III - Converting 95-105K
The Information Security Engineer works closely with other members of the team to evaluate, implement and manage operational security across the enterprise.
This includes monitoring systems and networks, identifying threats and responding to violations.
The security engineer works with IT and the business to select and deploy tools and controls to meet specific security requirements, and defines processes and standards to ensure that security configurations are maintained.
Roles and Responsibilities
Primary Duties
Researches, evaluates and recommends information-security-related hardware and software, including developing business cases for security investments.
Works with business units and with other risk functions to identify security requirements, using methods that may include risk and business impact assessments. Components of this activity include but are not limited to:
Business system analysis.
Communication, facilitation and consensus building.
Coordinates and completes information security standard, process and procedure documentation.
Performs periodic quality assurance to ensure that system, network and application configurations meet security standards.
Works with information security leadership to develop strategies and plans to enforce security requirements and address identified risks.
Reports to management concerning residual risk, vulnerabilities and other security exposures, including misuse of information assets and noncompliance.
Develops security awareness materials and provides ongoing security education to all levels of the enterprise.
Plays an advisory role in application development or acquisition projects to assess security requirements and controls and to ensure that security controls are implemented as planned.
Collaborates on critical IT projects to ensure that security issues are addressed throughout the project life cycle.
Works with IT department and members of the information security team to identify, select and implement technical controls.
Advises security administrators on normal and exception-based processing of security authorization requests.
Additional Duties
Depending on the scope of the role, the information security analyst may be asked to fulfill one or more of the following duties.
Penetration Testing and Vulnerability Assessments
Assists in developing a common set of security tools. Defines operational parameters for their use, and conducts reviews of tool output.
Performs control and vulnerability assessments to identify control weaknesses and assess the effectiveness of existing controls, and recommends remedial action.
Assists with risk assessment activities, analyzing the results of audits (performed by other groups) to produce recommendations of acceptable risk and risk mitigation strategies.
Deploys, tunes and run vulnerability-scanning and penetration-testing tools with minimal supervision.
Documents results of vulnerability scans.
Collaborates with Information Security Analysts to develop remediation plans addressing identified vulnerabilities.
Definition and Implementation of Controls
Defines security configuration and operations standards for security systems and applications, including policy assessment and compliance tools, network security appliances and host-based security systems.
Develops and validates baseline security configurations for operating systems, applications, and networking and telecommunications equipment.
Incident Detection and Response
Provides second and third-level support and analysis during and after a security incident.
Assists security administrators and IT staff in the resolution of reported security incidents.
Participates in security investigations and compliance reviews, as requested by internal or external auditors.
Acts as a liaison between incident response leads and subject matter experts.
Monitors daily or weekly reports and analyzes security logs for unusual
and trends.
Audit Support
Supports e-discovery processes to include identification, collection, preservation and processing of relevant data.
Information Security Architecture
Assists in the development of security architecture and security policies, principles and standards.
Researches, evaluates, designs, tests, recommends and plans the implementation of new or updated information security technologies.
Researches and assesses new threats and security alerts, and recommends remedial actions.
Provides education and guidance for security activities in the system development life cycle (SDLC) and application development efforts. Participates in organizational projects, as required.
Educational Qualifications
Minimum of five (5) years' IT or network security experience.
Bachelor's degree in information systems or equivalent work experience.
Advanced degree in information security, network security or IT security a plus.
Security+ or CISSP Certification.
CEH, CPT, or other vendor specific security certifications preferred.
Technical Competency
In-depth knowledge and hands on experience working with leading firewall, network scanning and intrusion detection/prevention products and authentication technologies.
Experience with penetration and vulnerability testing techniques and fixtures
Knowledge and experience with encryption methods, IPsec, PKI, remote access
(VPN) and proxy services preferred
Excellent technical knowledge of mainstream operating systems and a wide range of security technologies, such as network security appliances, identity and access management (IAM) systems, anti-malware solutions, automated policy compliance tools, and desktop security tools.
In-depth knowledge and understanding of information risk concepts and principles, as a means of relating business needs to security controls.
In-depth knowledge of risk assessment methods and technologies.
Knowledge of the fundamentals of project management, and experience with creating and managing project plans.
Experience in developing, documenting and maintaining security policies, processes, procedures and standards.
Occupational Personality
Strong analytical skills to analyze security requirements and relate them to appropriate security controls.
Ability to interact with personnel at all levels and across all business units and organizations, and to link business imperatives with security initiatives.
Strong leadership abilities, with the capability to develop and train junior information security engineers, guide team members and to work with minimal supervision.
Strong interpersonal, written and verbal communication skills.
A strong customer/client focus, with the ability to manage expectations appropriately, to provide a superior customer/client experience and build long-term relationships.

Don't Be Fooled

The fraudster will send a check to the victim who has accepted a job. The check can be for multiple reasons such as signing bonus, supplies, etc. The victim will be instructed to deposit the check and use the money for any of these reasons and then instructed to send the remaining funds to the fraudster. The check will bounce and the victim is left responsible.