Senior Security Engineer, Information Security

Responsibilities

  • Review the Continuous Monitoring environment to determine whether devices are compliant with security configurations, identify breach indicators, and proactively identify insecure device configurations
  • Review various monitoring devices to evaluate the security of the environment
  • Modify the monitoring controls (endpoint logs, network logs, server logs, application logs, access logs, etc.) and analysis tools (SIEM, IDS / IPS, CloudWatch, etc.) as necessary to achieve insight into the environment
  • Investigate suspicious activity
  • Modify and update the monitoring controls, SIEM, IDS / IPS, and other tools to reduce the number of false positives
  • Work with other members of the Scholastic Technical team to investigate suspicious activity
  • Design security solutions to address security vulnerabilities and weaknesses
  • Continuously update the monitoring environment and tools in order to provide the correct level of insight into the environment
  • Work with other members of the Scholastic Technical team to implement security changes
  • Act as a security subject matter expert on a variety of other security questions
  • Work with the Security Architect, CISO, and Compliance team to assist in other security efforts

 

Qualifications

 

  • A bachelor’s degree in information systems, engineering or equivalent work experience
  • Candidates with certifications from ISC2, SANS, ISACA, or another recognized security professional credentialing organization are preferred
  • 3-5 years of experience in security roles with increasing responsibility
  • 2-3 years of experience in a Security Operations Center or Continuous Monitoring role
  • Experience with a variety of Continuous Monitoring and vulnerability scanning tools
  • 5-8 years of experience in an enterprise technology environment, ideally with experience across a variety of roles: operations, networking, systems and infrastructure architecture, or other as applicable
  • Strong infrastructure security skills including IDS/IPS, firewall, SIEM, server and OS hardening, malware detection, physical security, transport and at-rest encryption on file systems, DB, and other data persistence mechanisms.
  • Experience determining and implementing which security controls should be used to meet a variety of security best practices
  • Experience implementing PCI, ISO, NIST 800-53, NIST CSF, CIS / SANS Critical Controls is a plus
  • Excellent written and verbal communication skills — including the ability to effectively communicate security- and risk-related concepts to technical and nontechnical audiences — and strong interpersonal and collaborative skills
  • Ability to operate with minimal supervision; a self-starter who can identify and fix problems without being told to fix an issue