Security Engineer

Top Skills' Details

1.) 6 + years’ experience as an Information Security Engineer with system design and security engineering experience implementing a wide range of security solutions both on prem and in the cloud (Azure)

2.) Oversee and lead the implementation of security solutions; develop technical and reference architectures throughout the project duration. (DLP, IAM, Vulnerability Management, Network Security, Windows Infrastructure and Systems)

3.) Knowledgeable with Microsoft 365 suite of products

Description

Position Description:

Reporting to the Director of Information Security, the Security Engineer is a hands-on security professional, responsible for ensuring security in the SDLC, implementation, and operational maintenance of Maxim Information Security controls and countermeasures.

• Performs security functions including IAM, vulnerability scanning, light pen testing, daily review of security reports and security systems.

• Generates internal threat intelligence to feed back into the security stack.

• Monitors compliance with the organization’s information security policies and procedures and refers problems as appropriate.

• Monitors internal control systems to ensure that appropriate information access levels are maintained.

• Defines systems security requirements and participates in design architecture discussions.

• Develops security countermeasures to detect malicious activity and creates operational and compliance dashboards & reporting.

• Supports incident response infrastructure & cyber intelligence platform.

• Initiates, facilitates, and promotes activities such as security awareness training to foster information security awareness within the organization.

• Reviews system-related information security plans throughout the organization’s network and acts as a liaison to the Information Systems Department.

• Ability to work independently on goals and direction provided by the Manager of Information Security, and/or Director of Information Security.

• Ability to lead project level initiatives.

• Maintains deep understanding of information technology networking and infrastructure, particularly as they pertain to network and cyber security.

• Develops written security process and procedures for systems and software within area of expertise to ensure consistent security policy implementation.

• Performs mitigation and or remediation on vulnerabilities to an acceptable compliance level.

• Performs annual reviews of documentation to meet requirements.

• Builds and maintains positive IS team partnerships.

• Works closely with enterprise IT, Delivery, and other functional area specialists to ensure adequate security solutions are engineered in cloud environments to mitigate risk, meet business objectives, and regulatory requirements.

• Serves as a cloud security consultant to help project teams comply with enterprise and IT security policies, industry regulations, and best practices.

• Implements and operates cloud security technologies to include preventative, detective, and compliance controls.

• Ability to help lead and direct team in daily job assignments.

• Mentors of junior staff.

Essential Duties and Responsibilities:

• Provide oversight and assess security controls for IaaS, PaaS, and SaaS services while collaborating with system integrators and the client’s teams to deliver reliable and scalable security capabilities.

• Oversee and lead the implementation of security solutions; develop technical and reference architectures throughout the project duration.

• Perform as a subject matter expert on IAM and Cloud technologies, recommendations on security infrastructure and raise security risks in a timely manner.

• Develop security requirements for complex internet-facing applications and associated infrastructure components.

• Assess and review end-to-end secure integrations, including web services and APIs.

• Work closely with the information system, security teams and third-party system integrators on security engineering-related issues, resolving challenges without affecting project delivery timelines.

• Monitor information systems for security incidents and vulnerabilities; develop monitoring and visibility capabilities; and report on incidents, vulnerabilities, and trends.

• Analyze trends, news, advisories, and changes in threats, and conduct security assessments with risk mitigation plans.

• Review vulnerability management reports and follow up with technical stakeholders on remediation efforts.

• Respond to information system security incidents, including investigation of, countermeasures to, and recovery from computer-based attacks, unauthorized access, and policy breaches; interact and coordinate with incident responders.

• Ability to work under pressure in a fast-paced environment.

• Strong attention to detail with an analytical mind and outstanding problem-solving skills. • Experience with Healthcare security requirements, such as ISO, HITRUST, NIST along with PCI.

• Adheres to policies, procedures, guidelines relative to departmental operations.

• Performs other duties as assigned

Minimum Requirements:

• Bachelor’s /Master’s degree from an accredited college/university or equivalent work experience.

• 6 - 8 years’ experience as an Information Security Analyst/Engineer with system design and security engineering experience implementing a wide range of security solutions both in cloud and on-prem.

• Knowledge of security engineering to ensure security solutions development aligns with the defined architecture strategies.

• Professional certifications in security; Security +, CEH, CCSP, CISSP.

• Strong understanding of secure design and reviews, identity and access management.

• Extensive hands-on knowledge of IAM best practices, procedures, and software solutions.

• Comprehensive knowledge and experience with authentication standards & technologies, such as single sign-on (SSO), two-factor authentication, privileged access management.

• Excellent communication, presentation, and documentation skills.

• Experience with Requirement Analysis & Technical Troubleshooting.

• Experience with System & Technology Integration.

• Ability to work comfortably under pressure and deliver on tight deadlines.

• Ability to analyze data and information with a detailed understanding of regulatory requirements (HIPAA), as well as security frameworks (NIST CSF) and IAM methodologies.

• Ability to maintain the highest standards of confidentiality, integrity, and personal accountability when working with sensitive & restricted data.

• Proven experience in overseeing the direction, development, and implementation of software solutions.

• Strong knowledge of system and software quality assurance best practices and methodologies.

• Excellent written and oral communication skills; comfortable speaking in front of small to medium sized groups.

• Excellent listening and interpersonal skills.

• Ability to communicate ideas in both technical and user-friendly language.

• Highly self-motivated and keen attention to detail.

• Ability to effectively prioritize and execute tasks in a high-pressure environment.

• Experience working in a team-oriented, collaborative environment.

• Mentor and/or provide guidance to other members of the security team.

• Computer proficiency including Microsoft Office Suite (Word, Excel, Teams, etc.)

Preferred Qualifications

• Bachelor’s or equivalent years of work experience (Minimum 8 years of security experience plus industry security certification).

• Extensive knowledge of security technologies.

• Extensive knowledge of LAN administration.

• Extensive knowledge documenting and maintaining processes and procedures.

• Extensive knowledge of data privacy practice and laws.

• Deep understanding of regulatory and compliance standards in the healthcare industry.

• Other Security Certifications desired (Security+, CEH, CRISC, GSEC, SSCP, CISA, CISM), Azure Solutions Architect Certification, Microsoft Azure Architect Certification & Microsoft Azure Architect Technologies.

• Experience with one or more programming languages such as C++, Java, Python, or JavaScript.

• Experience with Microsoft Directory Integrations (Active Directory/AD Agent).

• Experience with Okta components and tenant configuration.

• Experience with Logs Management tools.

• Experience with Windows, Linux / Unix, scripting (PowerShell, or Perl), Active Directory, LDAP, SQL, and web services.

• Extensive knowledge of Identity Access Management (IAM), SAML, Federation, Privilege Access Management (PAM), and MFA technologies.

• Expertise in Data Security (Cryptography and Encryption).

• Knowledge of advanced Auditing and Log Management tools.

• Experience with security vulnerabilities scanning tools.

• Understanding of Cloud Access Broker Services (CASB) and configuration best practices.

• Proficiency in using Data Loss Prevention (DLP) tools and applying best practices.

• Familiarity with user behavior monitoring.

• Strong data analysis skills for Network, Cloud, and Endpoint data.

• Ability to optimize security tools and controls effectively.

Skills

Security, Information security, Cyber security, Security architecture, Vulnerability management, Network security

Top Skills Details

Security,Information security,Cyber security,Security architecture,Vulnerability management,Network security

Additional Skills & Qualifications

Information Security Engineer

• 12-month contract to hire

• 2 days on-site in Columbia, MD

• Windows Infrastructure and Systems Security: M365 Compliance and Governance; Cisco Network Security: Palo Alto firewalls; Okta IAM Security

• This person could grow into a Security Architect role

• Cloud Governance

o Azure, O365

• IAM – Okta implementation

• Entra ID

• Vulnerability Management

• DLP

Experience Level

Expert Level