Job Description

Reference # : 17-05352Title : Senior Systems Security Engineer
Location : Sleepy Hollow, NY
Position Type : Contract
Experience Level : Start Date : 06/06/2017
Description
Primary Responsibilities
Client is seeking an experienced and reliable Senior Systems Security Engineer to conduct security risk / technical assessments, reviews and/or audits of the client's third party vendors and partners. The individual will work as a member of the Systems Unit Security team and will be responsible for assessing the security posture of vendors and partners by conducting onsite Security based Quality (or Due Diligence) Reviews, Technical Assessments and/or Audits. Additional duties include reporting on assessment outcomes and prescribing associated recommendations to internal management as well as external entities for obtaining compliance to contractual requirements, corporate policy and/or state/federal regulations.
The Senior Systems Security Engineer will work with key stakeholders to develop a risk profile for third party entities, produce formal reports of findings as well as document status of open issues / audit items. Additionally, the individual will work with key stakeholders across multiple internal and external business units (Sales, Client/Account Services, Information Security, Enterprise Technology, Compliance, Claims, Underwriting, Management) to coordinate, perform and/or participate in security reviews of external entities and to track issues / action items to closure.
Secondary responsibilities include serving as a backup Security Liaison for the department. This secondary function requires the individual to act in a backup / support capacity to the Unit's Security Analyst in processing User Access Requests or conducting Departmental or Corporate based System Recertifications.

Requirements:
Since the individual will be conducting technical security assessments / reviews and / or audits, it is necessary that the candidate have an expert understanding of network layer protocols & industry best practices. Ideally, the candidate will have experience with routers and other network devices, firewalls, proxies, operating systems (Windows/Linux), databases (SQL Server/Oracle), and Email/FTP/Web/Database/DNS Servers. Additionally, the candidate should have an excellent understanding of Security Principles and Techniques (encryption, authentication, DLP, etc), Network / Infrastructure Architecture and IT Security standards and best practices.

Furthermore, the ideal candidate should have the following:
  • BS / BE in Information Systems, Engineering, Computer Science or related field
  • At least 1 Certification in Information Security (CISSP, CISM, CISA, Security+, CEH or equivalent)
  • At least 5 years of related experience (should include experience in operating systems, network, and/or application security).
  • Knowledge of network and web-related protocols (e.g., TCP/IP, FTP, HTTP, Telnet, etc).Knowledge of / experience with common security frameworks including PCI DSS, ISO27001/2, NIST, COBIT.
  • Knowledge of Security Protocols and methods (e.g., SSL, SSH, IPSec, PGP, TLS, VPN, etc ).
  • Familiarity with state/federal regulations, e.g., NY Client, HIPAA, SOX, Massachusetts State Law
  • Strong written and verbal communication skills
  • Experience with security hardware and software technologies such as IPS/IDS, network scanners, Firewalls, TCP/lP, DNS and web security architecture
  • Proficiency in MS Office and related applications (Word, Excel, Powerpoint, Access, Visio, Project)
  • Strong organizational skills and attention to detail
  • Familiarity with domain structures (Active Directory), user authentication concepts (multifactor), and encryption principles
  • Position requires travel (up to 50%)

Application Instructions

Please click on the link below to apply for this position. A new window will open and direct you to apply at our corporate careers page. We look forward to hearing from you!

Apply Online