Senior Information Security Engineer [653116] in Seffner, FL at Rooms To Go

Date Posted: 6/3/2018

Job Snapshot

Job Description

As a member of the Information Security Team, the Senior Information Security Engineer will collaborate with other teams within the Rooms To Go Information Technology department as well as other business units to complete tasks and projects. They will work together to secure Rooms To Go's internal and external infrastructure. This includes the on-going maintenance and management of hardware and software that secures the company's networks and systems, analyzing and troubleshooting problems and monitoring for potential security problems or incidents.  Among other technologies, this role requires understanding of the Akamai WAF suite of services.

The essential duties and responsibilities include, but are not limited to:

  • Independently work within the IT Infrastructure group to see projects through completion;
  • Maintain regulatory compliance by making project recommendations to the Information Security Manager regarding architecture, processes, and procedures to help maintain a PCI compliant environment that meets current and future business objectives;
  • Liaise, as a highly valued team member, with many business units and the Information Security Team in order to plan current and future technical designs that will help achieve a secure environment (at the direction of management, additional duties may include providing support at an intermediate level to include an "On Call" rotation);
  • Manage Information Security owned projects as well as provide input and guidance to other IT projects;
  • Identify and remediate issues that impact the security of the information enterprise;
  • Generate documentation relevant to information security solutions;
  • Actively participate in information security reviews and audits; and
  • Synthesize information generated from logs, SIEM, and other sources to effectively respond to emerging threats.

Considered applicants must possess the following experience, knowledge, skills and training:

  • Strong organizational, problem-solving, and communication (both written and verbal) skills;
  • Ability to learn new technologies and concepts quickly, and apply that knowledge effectively;
  • 8-10 years of network/operational/application security, with verifiable expertise in the following:
    • Network IPS
    • Network DLP
    • Security Information and Event Management
    • Understanding of network concepts and infrastructure (LAN, WAN, routing, switching, and WLAN)
    • Next generation firewalls
    • Endpoint security (AV, HIPS, Application Whitelisting, DLP)
    • Forensic analysis
    • Proxy and Web Content Security
    • Vulnerability Management
    • Email Content Security
    • Two-Factor Authentication
    • SSL And Site-To-Site VPNs
    • File Integrity Monitoring
    • Advanced Malware Analysis (manual and automated toolsets)
    • Public Key Infrastructure
    • Encryption
    • PCI/DSS 3
    • Incident Response
    • Information Security program lifecycle and development (policy, process, procedure);
    • Familiarity with:
      • Windows and Linux platforms
      • Storage concepts (iSCSI, CIFS, and NFS)
      • Application security
      • Helpdesk technologies and methodologies
      • Security Awareness and Education
      • Various other technical solutions (clustering, IIS, Apache, SQL, Java, load balancing)
      • Isolating and troubleshooting complex problems
      • Working as a member of a large enterprise IT team
      • Mentoring others
      • Time Management;
      • Bachelor's degree in Information Technology or related field;
      • CISSP preferred;
      • Industry standard and vendor certifications, such as CompTIA, GIAC, Cisco, and Microsoft preferred; and
      • PCI QSA training preferred.

Job Requirements

Candidates need to have verifiable expertise with:

  • Strong organizational, problem-solving, written and communication skills
  • Isolating and troubleshooting complex problems
  • Host hardening concepts and standards
  • Endpoint concepts and platforms (Windows, Mac, and Linux)
  • Time management concepts
  • Network Intrusion Detection/Prevention concepts
  • Network concepts, design, and platforms (LAN, WAN, routing, switching, and WLAN)
  • Next generation firewall concepts and platforms
  • Proxy and Web Content Security
  • Email Content Security
  • File Integrity Monitoring
  • Incident Response
  • Auditing Methodologies
  • Information Security program lifecycle and development (policy, process, procedure)
  • Endpoint security (AV, Host IPS/IDS, Application Whitelisting, DLPe, and HDD/File level Encryption)
  • Reverse proxy concepts and technologies
  • Two-Factor Authentication
  • Mobile Device Management
  • Bachelor's degree in Computer Science Information Systems or an equivalent combination of education, work experience, or applicable certifications.
  • 5-7 years of network/operational/application/endpoint security experience
  • Knowledge/training of ITIL or other IT standardization models