Trabajo de Information Security Engineer en Centris Information Services, Nuevo León - México

Information Security Engineer

Information Security Engineer

 

The Opportunity:

We are a US-based insurance company looking for talent to be employed through Centris Information Services, our partner in Monterrey, MX.  

 

Requirement: Must be fully fluent in the English language 

ALL RESUMES MUST BE SUBMITTED IN ENGLISH.   

 

The Security Engineer is responsible for supporting the Information Security team and its functions. The Security Engineer is expected to perform daily, quarterly, and annual tasks, review security events and reports, perform risk and vulnerability assessments, and administer the systems that the team maintains to secure the environment. Many duties are project-based, and require the Security Engineer to effectively plan, design, and implement projects with minimal oversight.

 

The Nuts And Bolts

·          Self-educates and continually develops skills around evolving security threats and of new security methods/technologies;

·          Performs security risk assessments, provides recommendations, and presents findings.

·          Identifies security requirements for projects and operational changes.

·          Monitors and enforces adherence to Information Security policies.

·          Contributes to improvement efforts for security policies and procedures.

·          Assists in improving security for Software Development Life Cycle (SDLC) processes.

·          Performs both automated and manual web application security testing and exploitation; recommends improvements as needed based on assessment findings.

·          Assists with internal and external audits including PCI, user audits, and general controls.

·          Establishes and maintains baselines for threats, vulnerability, and impacts.

·          Serves as information security consultant to the organization for all departments as needed.

·          Reviews daily dashboards, logs, alerts, and reports.

·          Performs forensics investigations and serves as an advanced responder to security incidents, including tracking and reporting of security incidents.

·          Develops and maintains vulnerability scan reports for remediation efforts.

·          Tests accuracy and verifies false positives for vulnerability scan output.

·          Consolidates and designs/architects firewall environments.

·          Develops, maintains, and executes on assigned projects and associated project plans.

·          Manages/configures/maintains the following types of solutions:

·          Security Information and Event Management system (SIEM);

·          Firewalls;

·          Intrusion Prevention;

·          Data Loss Prevention;

·          Email Filtering;

·          Web Filtering;

·          Advanced Malware Protection (Threat Emulation/APT Prevention);

·          File Integrity Monitoring;

·          Forensics Software;

·          Vulnerability Management/Assessment Software;

·          Web Application Scanning Software; and

·          Anti-virus Software

·          Develops hardware/software security hardening templates; evaluates and ensures that systems security meets or exceeds best practice standards.

·          Implements or coordinates resolution/remediation of all security related issues.

·          Performs other duties as assigned

 

Competencies And Skills

·          Strong working knowledge of Layer 2 and Layer 3 networking, both wired and wireless.

·          Strong background in firewall administration and support.

·          Working knowledge of proxies and load balancers.

·          Experience with the following technologies:

·          SIEM or log management solutions;

·          Virtual Private Networks (VPNs) including site-to-site tunnels;

·          Intrusion Prevention;

·          Data Loss Prevention;

·          Email Filtering;

·          Web Filtering;

·          Advanced Malware Protection (Threat Emulation/APT Prevention);

·          File Integrity Monitoring;

·          Forensics Tools;

·          Vulnerability Management/Assessment Software;

·          Web Application Scanning Software; and

·          Anti-virus Software

·          Working knowledge of multi-factor authentication (MFA).

·          Understands cryptography and cryptographic key management.

·          Familiarity with Linux operating systems.

·          Strong background with Windows operating systems.

·          Working knowledge of Active Directory and Group Policy.

·          Understanding of web servers and web services.

·          Understanding of database infrastructure and database security.

·          Familiarity with SIP and VOIP.

·          Self-motivated and driven technical contributor.

·          Able to work independently and as part of a team to achieve set goals.

·          Able to prioritize multiple tasks and quickly change focus to high priority items.

·          Strong interpersonal, verbal and written communication skills.

·          Able to plan and execute effective strategies that have led to measurable business growth, significant expense reduction, or improved productivity.

·          Strong analytical and problem-solving skills.