Information security engineer

About Sandy Paws

Sandy Paws is an innovative and visionary organization providing information technology solutions and services to customers.

We take an agile, collaborative approach to creating customized solutions across the digital value chain. Through our partner ecosystem, we offer solutions that enable continuous innovation and improvement by managing and optimizing technology, processes, and policies in real time.

Job Description

Key Responsibilities:

• Coordinate, measure and report on the technical aspects of security management.
• Provide operational support across core platforms, including testing, improving, and maintaining new and existing systems, working closely with all technology teams to ensure system consistency.
• Ensure operational standards are met and relevant documentation, knowledge bases, and operational manuals/runbooks are maintained.
• Rapidly resolve incidents and problems in compliance with the firm's incident management process.
• Design, coordinate, and oversee security testing procedures to verify the security of systems, networks, and applications, manage remediation of identified risks.
• Conduct configuration reviews of the IT environment.
• Manage day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans, communicate information about residual risk.
• Assist resource owners and IT staff in understanding and responding to security audit failures reported by auditors.
• Provide security communication, awareness, and training for audiences ranging from senior leaders to field staff.
• Work as a liaison with vendors and legal departments to establish mutually acceptable contracts and service-level agreements.
• Manage production issues and incidents, participate in problem and change management forums.
• Consult with IT to ensure security is factored into the evaluation, selection, installation, and configuration of hardware, applications, and software.
• Recommend and coordinate the implementation of technical controls to support and enforce defined security policies.
• Research, evaluate, design, test, recommend or plan the implementation of new or updated information security hardware or software, analyze its impact on the existing environment; provide technical and managerial expertise for the administration of security tools.
• Work with CISO to develop a security program and security projects addressing identified risks and business security requirements.
• Manage the process of gathering, analyzing, and assessing the current and future threat landscape.
• Monitor and report on compliance with security policies, enforcement of policies within the IT department, working in alignment with existing change control systems to ensure rollout of security improvements harmonized with existing workstreams.
• Lead technical security implementations fulfilling key security control requirements, propose changes to existing policies and procedures to ensure operating efficiency and regulatory compliance.
• Manage the state of 'Security Knowledge' within the team.

Requirements:

• Bachelor's degree in software engineering, Computer Science, or other related fields from a recognized university.
• Relevant certifications in Information Security Technologies such as GSEC, GCIH, AWS Certified Security or equivalent.
• 5+ years of IT experience, with 3+ years in an Information Security role.
• Experience applying security controls to Microsoft Windows and/or LINUX based environments.
• Experience with industry frameworks especially the Payment Card Industry Data Security Standard (PCI DSS).
• Familiarity with principles of cryptography and cryptanalysis.
• Familiarity with Microsoft environments, Microsoft 365 security, AWS cloud environments, high availability systems, Linux Kubernetes, and Fortigate firewalls.
• Familiarity with device management via Microsoft Intune.