Engineer, Information Security Job Description
Engineer, information security
provides adequate security and compliance against specific standards such as NIST 800-53, NIST 800-171, ISO 27001, FedRAMP and other customer requirements.
Engineer, Information Security Duties & Responsibilities
To write an effective engineer, information security job description, begin by listing detailed duties, responsibilities and expectations. We have included engineer, information security job description templates that you can modify and use.
Sample responsibilities for this position include:
Emphasis on configuration and support for new and existing applications into CA Single Sign-On
Provides information security expertise and consulting to internal IT, Business staff and stakeholders
Performs product and solution life cycle management ensuring capacity, integrity and availability of all security systems
Aligns technologies to support overall strategy and information security framework
Planning, designing, implementing, and maintaining security-related technologies
Perform market surveys of security products and evaluate their suitability for integration into the current security architecture and networks
Develop and institute a program of regularly scheduled network vulnerability assessment
Develop high-confidence alarms and detection methods
Identify technical security risks
Conduct security monitoring and lead digital forensics and incident response activities
Engineer, Information Security Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Engineer, Information Security
List any licenses or certifications required by the position: CISSP, GIAC, CISM, CISA, SANS, CEH, DAMI, CCNA, SSL, ISC2
Education for Engineer, Information Security
Typically a job would require a certain level of education.
Employers hiring for the engineer, information security job most commonly would prefer for their future employee to have a relevant degree such as Bachelor's and Master's Degree in Computer Science, Information Security, Engineering, Information Technology, Technical, Technology, Science, Management, Information Assurance, Computer
Skills for Engineer, Information Security
Desired skills for engineer, information security include:
PCI
SOX
HIPAA
ISO/IEC 27000
Ports
Antivirus
Application layer security
Application security
At least one programming language
DFARS/NIST SP 800-171
Desired experience for engineer, information security includes:
Experience with firewalls, intrusion detection/protection systems, strong authentication, and vulnerability assessment tools, and various other automated information security technologies for protecting or mitigating risks to applications, databases, networks, and systems
Familiarity with full life cycle information technology solution implementation from conceptualization, requirements, design and specification through development (coding or architecting), integration testing, commissioning, and retirement
Network Infrastructure Security
Web Architecture Security
Cloud, hosted services (SaaS, PaaS, IaaS) security
Customer data security management and compliance
Engineer, Information Security Examples
1
Engineer, Information Security Job Description
Job Description Example
Our growing company is searching for experienced candidates for the position of engineer, information security. To join our growing team, please review the list of responsibilities and qualifications.
Responsibilities for engineer, information security
- Coordinate with Information Security Coordinators (ISCs) and oversee their activities
- Work upon long term initiatives web based IS trainings
- May lead projects and provide guidance/training to less experienced staff
- Ensure the integrity and protection of networks
- Analyze alerts develop new triggers and reporting on an ongoing basis
- Detect, investigate and recover from security incidents assisting with incident response plans
- Configuration management & automation
- Secure software development and threat modeling
- Logging & monitoring systems
- Coordinates response to security incidents
Qualifications for engineer, information security
- Understanding of information security principles, security technologies and practices in an corporate environment
- Knowledge of industry standard security regulations, policies, and procedures for information systems
- Evidence of external presentation skills a plus
- Certifications like CISSP, CSSLP a plus
- Extreme passion for information security work
- Aptitude to quickly learn new environments and technologies
2
Engineer, Information Security Job Description
Job Description Example
Our company is hiring for an engineer, information security. To join our growing team, please review the list of responsibilities and qualifications.
Responsibilities for engineer, information security
- Serves as an information security consultant to KPE and active participant in B2B client audits
- The role of the cyber security engineer demands technical skill, superior customer service and the ability to think, communicate and write at various levels
- As a member of the cyber security & engineering design team, this role will work with project managers and members of their project team to ensure security requirements are designed into projects
- Researches and advocates new technologies, architectures, and security products that will support security requirements for the enterprise and its customers, business partners and vendors
- Assess current and potential vendors (e.g., software, hosting environments) from a technical security and information risk management perspective
- Support operational security activities including oversight of ongoing divisional security processes (e.g., incident response, ad hoc queries, periodic access reviews, vulnerability management)
- Support the development and enforcement of Global information security policies and standards
- Assist and actively participate in your team’s plans to achieve their goals (this includes those that originate from IRM and the business)
- Be part of an active team who remains current on emerging risks and technologies, key developments and strategies for the businesses you support
- Working knowledge of security auditing tools like AppScan, Nessus, Burp Suite
Qualifications for engineer, information security
- Four (4) or more years of experience with network and Security components, including firewall, intrusion detection/prevention systems, anti-malware products, forensics tools, data encryption, VPNs, vulnerability scanners, multiple operating systems (Windows, UNIX, Linux, ), and directory services (Active Directory, LDAP)
- Advanced knowledge of Windows 2008 R2 and 2012 R2 environments is desired
- Experience with writing security and IT-related documentation (e.g., white papers, procedures, technical specs, ), training peers, and presenting information to peers and leadership as required
- Minimum of one years experience executing formal review & reporting processes, e.g through pen testing, architecture reviews, incident investigation, etc
- Be strongly self-motivated with an aptitude for both individual and team-oriented work
- Experience with a wide selection of open source and commercial security tools
3
Engineer, Information Security Job Description
Job Description Example
Our innovative and growing company is looking for an engineer, information security. Please review the list of responsibilities and qualifications. While this is our ideal list, we will consider candidates that do not necessarily have all of the qualifications, but have sufficient experience and talent.
Responsibilities for engineer, information security
- Assist in completion of NetD statistical and trend data and operational event reporting when requested
- Maintain current knowledge on new vulnerabilities and exploits
- Track, document, and report all security related events including, but not limited to, Discharge of Classified Information and Cross Domain Violations IAW CENTCOM/AFCENT policy
- Coordinate and track Information Assurance Vulnerabilities Alerts (IAVA)
- Responsible for the development of end to end security monitoring and reporting
- Evaluate new and emerging threats against existing security controls
- Support lifecycle management of data security solutions to include technology roadmaps
- Contribute to the IT Strategies that impact data security solutions to include technology roadmaps
- Lead key conversations among internal and external stakeholders
- Maintain expertise in the data security domain to provide relevant solutions
Qualifications for engineer, information security
- Requires extensive experience in network and information security with a proven track record of success
- Strong experience and detailed technical knowledge in security engineering, secure application development lifecycle processes, authentication and security protocols, and cryptography
- Active Top Secret clearance and the ability to obtain a TS/SCI with polygraph
- A bachelor's degree in a technical field is preferred but comparable accomplishments including work experience and IT certifications will be considered
- 8-10 years’ network security experience in a corporate data center environment
- Hands-on knowledge of Citrix administration tools and resources with experience administrating the direction, development, and implementation of Citrix applications
4
Engineer, Information Security Job Description
Job Description Example
Our growing company is looking for an engineer, information security. If you are looking for an exciting place to work, please take a look at the list of qualifications below.
Responsibilities for engineer, information security
- Hands on experience configuring and managing security tools
- Prioritize information security risks and work with the business stakeholders on remediation projects
- Respond to security incidents and assist with investigations as directed by management
- Supports and assists other team members as required to reach the team and departmental goals
- Assist in evaluating new controls and technologies
- Building new scripts and tools to act as monitoring plugins using shell, or Python
- Provide sales enablement assistance in the Asia market
- Perform or reviews security incident investigations
- Evaluate implements and/or integrate security solutions
- Perform security reviews of projects and approve access requests to sensitive data and systems
Qualifications for engineer, information security
- Experience with Linux/UNIX Windows servers, MS SQL
- Experience understanding protocols, such as, SSL/TLS, CIFS, HTTP/S, DHCP, SMTP, LDAP/S and DNS
- Experience with various security tools such as Retina, Nessus, FireEye, Snort, Nexpose, McAfee, Symantec, Carbon Black, BlueCoat, NMap, Metasploit
- The position requires individual initiative and ability to influence events, rather than passively accepting them, in order to achieve goals
- Advanced Degree with concentration in Information Security or Cyber Security preferred
- Minimum 2 years of past experience in implementing Information Security
5
Engineer, Information Security Job Description
Job Description Example
Our company is growing rapidly and is looking for an engineer, information security. Please review the list of responsibilities and qualifications. While this is our ideal list, we will consider candidates that do not necessarily have all of the qualifications, but have sufficient experience and talent.
Responsibilities for engineer, information security
- Maintain qualified validator status with Navy or other applicable DoN agency requirement
- Develop all A&A documentation in accordance with DoD policies and procedures to ensure that accreditation packages are complete and system compliance is met for Designated Accrediting Authority or Authorizing Official (AO)
- Validation Readiness Review (IAVRR) to determine if the system security is sufficiently mature to execute the IA certification test event
- Develop associated RMF IA Artifacts to include the System Security Plan, System Design and Architecture, Contingency Plan/COOP Plan, Incident Response Plan, Audit Design, Change Control Board, Identification and Authentication, Physical and Environmental, and Remote Access artifacts
- Assemble RMF Package (Scorecard, POA&M, RAR, certification documentation)
- Provide guidance and support related to IT Contingency Planning
- Perform security and privacy risk assessments on infrastructure components
- Design, evaluate tradeoffs, and implement security enhancements
- Provide customer support in solving all phases of complex INFOSEC - related technical problems
- Review and recommend INFOSEC solutions to customer problems based on an understanding of products/systems test results
Qualifications for engineer, information security
- Hands-on experience designing, architecting and implementing various information security tools/products such as PKI, Next-Generation Firewalls, HSM’s, SIEM, Multi-Factor Authentication, IPS, NetFlow Monitoring, Full Packet Capture, Database Encryption, Privileged Identity Management
- Demonstrated experience with industry standard testing tools such as AppScan, Web Inspect, Burp Suite, Qualys, Nessus, Nmap, Metasploit
- Certification according to DoD Directive 8570.01-M for Information Assurance Technician Level 3 and Information Assurance Manager Level 2
- Active TS/SCI (minimum is TS & adjudicated SCI eligibility)
- Knowledge of requirements and methods to meet requirements delineated in the NIST 800-XX and ICD-503 (DCID 6/3) series of publications
- Experience in the identification, derivation, analysis, implementation, testing, deployment and management of cybersecurity requirements for collateral and multi-level classified information systems