The Information Security Lead Engineer is responsible for owning the deployment, maintenance, and tuning all of the enterprise’s information security infrastructure. The Information Security Engineer is responsible for the continued deployment of new information security tools and technologies throughout the enterprise. The Information Security Engineer is a senior leader within the Information Security and Compliance Department who leads the deployment and maintenance of complex cybersecurity technologies. The cybersecurity lead engineer also handles complex cybersecurity cases, breaches, or other important issues.
Responsibilities/Essential Functions:
--Project Manage deployment of security solutions (NAC, IDS, EDR, MDR, DLP, etc)
--Maintain all information security solutions (NAC, IDS, EDR, MDR, DLP, etc)
--Tune all security solutions (NAC, IDS, EDR, MDR, DLP, etc)
--Serve as an escalation to the Vestis CyberSOC & MDR Teams
--Execute on the deployment of projects pertaining to Information Security
--Head Incident Response Team
--Coordinate Penetration Testing
--Execute Vulnerability Management Program
--Execute Configuration Management Program
--Provide data and reporting on all information security systems
--Assist with documenting, modifying, and publishing compliance related SOPs and policies
--All other duties, as assigned
Knowledge/Skills/Abilities:
--Proven technical hands-on knowledge of the implementation, maintenance, and tuning of security systems and integrating those systems into the enterprise: Antivirus, EDR, MDR, IDS, IPS, CyberSOC, NAC, SEIM, DLP, Hard Drive Encryption, etc. (Crowdstrike, KnowBe4, CISCO Meraki, Checkpoint Firewalls, Fortinet Firewalls, Symantec, Endgame, Splunk, Solarwinds)
--Skilled at managing projects by designing and implementing technology-enabled business solutions
--Knowledge of Mobile Device Management tools, their implementation, and ongoing support
--Knowledge of Network Segmentation: virtual and physical
--Knowledge of common cybersecurity attacks and indicators of compromise: phishing, smishing, malware, man in the middle attack, SQL Injection, Denial of Service Attacks, Insider Threats, Cryptojacking, Ransomware
--Knowledge in setting up and running information security training programs and phishing campaigns
--Skilled and proficient in MS Office O365 suite security
--Ability to effectively define a business case, determine return on investment, and measure achievement of the case over time
--Ability to manage and work on multiple concurrent deliverables at various stages of development and completion
--Strong problem solving and analytical skills
--Professional level verbal and written communication skills
--Knowledge of CCTV, Door Badge Access Systems, key management systems, and all other physical security access systems and their associated management programs
--Demonstrated attention to detail and quality of work products and communications
--Willingness to seek out and implement coaching, suggestions, and guidance from others
Working Environment/Safety Requirements:
--Ensure necessary working environment and capabilities to effectively carry out responsibilities if working from a non-Vestis location (remote work)
--Ability and willingness to handle work related issues during all hours of the day, every day of the week, understanding the responsibility of our organization’s requirement for 24/7 production support
--Ability, willingness, and flexibility to travel as needed for approved work purposes in accordance with project and management schedules
--Be legally able to work in the United States: U.S. Citizen or Legal Resident
--Be legally able to travel to Canada and Mexico
Experience/Qualifications:
--Bachelor’s degree in information technology, information security or related field or equivalent experience
--7+ years of demonstrated hands-on experience leading security and technology teams with oversight for operations, project management, budgets, and team leadership
--Demonstrated experience in successfully defining security programs, developing requirements, designing, prototyping, testing, training, defining support procedures, and implementing practical business solutions under set deadlines
--Ability to lead and facilitate teams across the enterprise through security and compliance programs
--Experience with the use of Project Management methodologies and tools
License Requirements/Certifications:
--Valid U.S. driver’s license (for rental cars when applicable)