Systems Security Engineer

Summary:
The Systems Security Engineer is a critical member of the Chief Information Security Officer's (CISO's) team. This is a hands-on role that requires a high level of technical and analytical expertise. Responsible for a broad range of tasks including the day-to-day administration of information security tools such as Mobile Device Management (�MDM�) and Network Access Control (�NAC�) the creation of security documentation and the research and implementation of new security suites.

 

Responsibilities:
Researches and assists in the piloting and evaluation of new tools technologies technical controls and processes to support and enforce defined security policies.



Evaluates the security posture of the mobile platforms IOT and other devices to make determinations on whether devices should be allowed and apps should be whitelisted from an information security perspective.



Compares security coverage from a platform perspective (Android iOS OSX) and determines any gaps or inconsistencies.



Reviews current security standards policies and configuration around Mobile environment.



Develops reporting and remediation strategies for vulnerabilities/misconfigurations identified in the enterprise Mobile or Device space.



Participates in a variety of information security functions � Solution Design Incident Response and Vulnerability Management.



Works with various infrastructure teams and business units to ensure policy compliance and adherence to security best practices.



Monitors system logs SIEM tools and network traffic for unusual or suspicious activity. Interprets such activity and makes recommendations for resolution



Assists in the development and documentation of security architecture policies standards and procedures.



Collates security incident and event data to produce monthly management and exception reports.



Works with outsourced vendors that provide information security functions for compliance with contracted service-level agreements.



Participates in the operation of incident management including detection response and reporting.



Contributes to a knowledgebase comprising a technical reference library security advisories and alerts information on security trends and practices and laws and regulations.



Participates in security projects and provides expert guidance on security matters for other IT projects.



Ensures audit trails system logs and other monitoring data sources are reviewed periodically and in compliance with policies and audit requirements.



Assists Lifespan staff in the resolution of reported security incidents.



Participates in security investigations and compliance reviews as requested by internal or external auditors.



Researches and assesses new threats and security alerts and recommends remedial actions.



Performs other duties as assigned.

 

Other information:
EXPERIENCE:



A minimum of ten years of IS experience with five years in an information security role.



A bachelor's degree in information systems or equivalent work experience; an M.B.A. or M.S. in information security is preferred.



Certifications Required (3 or more - CISSP CCSP OSCP OSWP CISA CRISC GIAC CEH Security+ CCNA Security CCNP Security JNCP PCNSE)



Expert level in security best practices and regulatory requirements.



Demonstrated information security experience around Mobile platforms (iOS Android OSX)



Mobile Device Management Experience (Microsoft Intune is current tool would accept other branded MDM solutions)



Network Access Control Experience (Forescout Cisco etc.)



Intermediate level with Wireshark and/or equivalent packet capture and analysis



Strong understanding of networking technologies from architecture best practices to packet analysis



Experience with patch management device hardening configuration auditing and other end point security best practices.



Intermediate level cryptography and cryptanalysis.



Expert in Public Key Infrastructure



Experienced in the use of virtualization technologies



Knowledge of and experience in developing and documenting security architecture and plans including strategic tactical and project plans.





Excellent technical knowledge of mainstream operating systems [for example Microsoft Windows and Linux] and a wide range of security technologies such as network security appliances identity and access management (IAM) systems anti-malware solutions automated policy compliance tools and desktop security tools.



Knowledge of network infrastructure including routers switches firewalls and the associated network protocols and concepts.



Strong written and verbal communication skills.



Ability to communicate security guidance to a non-technical audience.

 

Lifespan is an Equal Opportunity / Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race color religion sex national origin age ethnicity sexual orientation ancestry genetics gender identity or expression disability protected veteran or marital status.   Lifespan is a VEVRAA Federal Contractor.

 

Location: Corporate Headquarters USA:RI:Providence

 

Work Type: Full Time

 

Shift: 1

 

Union: Non-Union