C Joy Carroll
Security Engineer
US-MI-Southfield
Feb 20

--------------------------------------------------------------------------------

JOB DESCRIPTION
---------------------------------------------------

JOB TITLE: Security Engineer

 

DIVISION: Information Technology LOCATION: Southfield, MI

 

TITLE OF IMMEDIATE SUPERVISOR: Chief Information Officer

 

 

 

GENERAL DESCRIPTION OF JOB:

 

The Security Engineer’s role is to provide technical assistance with the design, installation, service and maintenance of the enterprise computer systems, servers, and network connections and to ensure their secure operation. As a hands-on technical specialist this includes checking server and firewall logs, scrutinizing network traffic, establishing and updating virus scans, troubleshooting and related technical information security tasks. This person will also analyze and resolve security breaches and vulnerability issues in a timely and accurate fashion, and conduct user activity audits where required.

 

MAJOR JOB ACCOUNTABILITIES/ESSENTIAL FUNCTIONS:

 

  1. Provides technical engineering and/or architectural guidance in the area of computer threat management, centralized reporting for implemented tools, active and passive monitoring tools and techniques, and incident report action and follow through.
  2. Provides technical assistance with the initial set-up and secure deployment of systems that support information security including virus detection systems, firewalls, content filtering systems, web site blocking systems, and software license management systems.
  3. Will be the primary person to establish, configure, tune and administer all security monitoring activities to include network, system and application vulnerability scanning, intrusion detection (IDS/IPS) monitoring and logging.
  4. Demonstrates a solid understanding of technical and platform security technology, processes and strategies at the enterprise level to ensure that all business and technical initiatives are implemented to the appropriate level of protection.
  5. Offers technical information security consulting services to personnel who are responsible for one or more information security systems. These people include Network Administrators, Systems Administrators, and Database Administrators.
  6. Evaluates information system bug reports, security exploit reports, and other information security notices issued by information system vendors, government agencies, universities, professional associations, and other organizations, and as needed, makes recommendations to the Security Director and internal management to take precautionary steps.
  7. Will lead and participate on security projects that support the Information Security Program using the specialized expertise and discipline of information security.
  8. Will run or work with others to conduct security reviews and risk assessments of applications and infrastructure with industry standard tools and methodologies.
  9. Interprets information security policies, standards, and other requirements as they relate to a specific internal information system, and assists with the implementation of these and other information security requirements.
  10. Designs, redesigns or reengineers internal information handling processes in accordance with policy so that information is appropriately protected from a wide variety of problems including unauthorized disclosure, unauthorized use, inappropriate modification, premature deletion, and unavailability.
  11. Understands the implications of federal, regulatory, external, and internal audit requirements.
  12. Will use security metrics and statistics on incidents and on-line threats to demonstrate effectiveness, compliance, and return on investment.
  13. Will function as a resource for securing networks, systems, and applications. Serves as technical expert for IT and business needs relating to security technology.
  14. Responds to and conducts investigations of known or suspected security incidents or violations and prepares reports on them.
  15. Keeps IT and business teams appraised of technology trends, best practices and applications as appropriate.

 

JOB REQUIREMENTS/SPECIFICATIONS:

 

  • Well-developed analytical skills and an ability to translate technical data into practical business solutions.
  • Must be able to communicate effectively at any level of the organization, including making presentations
  • Must have a strong network infrastructure, systems and administration background and a familiarity with application and network level security practices. It is essential to have a foundation in good information security practices as well as a consultative nature, pleasant client facing appearance, and the ability to act as a liaison between application proponents, network/system owners and other security processes.
  • Working knowledge of IT security for Windows NT/2000/2003, Cisco IOS, Firewall, IPS,
  • Must be able to work independently to solve problems using appropriate methods and channels in a timely manner, thinking strategically to creatively provide solutions and ideas, while considering a broad range of internal and external factors.
  • Must be willing and able to act collaboratively with the IT Business Liaisons and the Security Director to recommend, establish and maintain a level of information security that is appropriate to the business needs.
  • Proven success in project management and participation preferred
  • Must be able to travel appropriate amount of time to achieve pre-set objectives. (Including, but not limited to: technical seminars, location visits, vendor contacts and other trips as needed.)

 

Education: BS/BA in Computer Science,

Industry standard Information Security certifications CISSP, CISM, SANS, GIAC certification..

 

 

 

COMPETENCIES:

 

MAJOR JOB ACCOUNTABILITIES/ESSENTIAL FUNCTIONS: List the major accountabilities/essential functions (outputs) in descending order of importance. Assign a priority to each accountability (A=high; B=normal; C=low) and estimate the percent of time spent producing each output. Most jobs can be described using 6 to 8 output statements.

 

 

Importance

Accountability

Time

Priority

1

Administration and Monitoring of Security solutions

40%

A

2

Assist in Projects and implementation of new processes

30%

A

3

Keep in touch with cutting edge industry technical knowledge

10%

B

4

Risk Assessments\Vulnerability Scans\Threat remediation

20%

A

5

 

 

 

6

 

 

 

7

 

 

 

Dawn Byrnes

Senior Recruiter
Joy Carroll & Associates, Inc.
1735 E. Big Beaver Rd
Troy, MI 48083
248-619-9400 ext 133
248-619-9402 fax
www.joycarroll.com