top of page

Information Security Engineer

Washington D.C., DC, USA

Job Type

Security

Essential Duties and Responsibilities:

  • Works with Chief Information Security Officer and other IT and cybersecurity team members to identify, understand, document, and advise on security requirements, impacts, and risks.

  • Manage the Information Security Management System (ISMS) in accordance with industry standards such as ISO 27001.

  • Utilizes knowledge of SiEM solutions like Splunk, Rapid7 I sight IDR etc.

  • Develop and implement information security policies, procedures, and standards to ensure the confidentiality, integrity, and availability of information systems and data.

  • Conduct risk assessments and vulnerability scans to identify and mitigate security risks.

  • Ensures vulnerability test and security review results are communicated, assigned, and tracked appropriately.

  • Installs security measures and operates software to protect systems and information infrastructure, including firewalls and data encryption programs.

  • Ensures compliance with relevant regulations and standards, such as GDPR, HIPAA, PCI-DSS, and SOX.

  • Manage the security of the organization’s networks, systems, and applications.

  • Develop and implement security awareness initiatives and training programs for employees.

  • Conduct periodic desktop exercises and drills for employees.

  • Monitors threat awareness information to identify vulnerabilities.

  • Respond to security incidents and conduct investigations, as necessary.

  • Assists IT staff to secure hardware, peripherals and other equipment. Ensures quality controls of new computer images periodically to verify all security standards are being met and applied.

Qualifications:

  • Bachelor’s degree in Computer Science, Information Technology or related field required

  • Minimum 5 years in information security related experience in a professional services environment

  • Strong knowledge of application and infrastructure security solutions (Firewalls, Intrusion Detection/Prevention Systems, Network Security, Password Management, Data Encryption and Access Control), project management

  • Experience managing an Information Security Management System (ISMS) in accordance with ISO 27001

  • Advanced knowledge of Linux, Mac, and Windows servers

  • Demonstrated knowledge conducting risk assessments and vulnerability scans

  • Familiarity with relevant regulations and standards, such as GDPR, HIPAA, PCI-DSS, and SOX.

  • Familiarity with securing cloud-based applications including but not limited to Azure, AWS, O365, NetDocuments, etc.

  • Relevant industry certifications, such as CISSP, CISM, or CISA, are a plus

  • Ability to script in Bash, Python or Perl preferred

  • Experience and familiarity with the ITIL framework and processes preferred


#LI-AF1

bottom of page