Senior Security Engineer (Richmond, VA)
Duties/Responsibilities
Engineering, implementing and monitoring security measures for the protection of computer systems, networks and
information
• Secures and hardens infrastructure including but not limited to systems, networks, endpoints, SaaS
integrations, and cloud resources
• Proactively protects the confidentiality, integrity and availability of information in the custody of or processed by the
company by: responding in a timely manner to a loss or misuse of network assets; participating in investigations of
suspected network misuse or in compliance reviews as requested; communicating unresolved network security
exposures, misuse, or noncompliance situations to management
• Reviews network and system changes on a weekly basis, provides technical recommendations and risk and impact
analysis
• Analyzes reports from various reporting tools to identify potential faults and provides recommendations for
improvements
• Coordinates threat intelligence gathering and converts data into actionable detection and prevention methods
• Performs internal and external penetration tests
• Collaborates with operational teams to identify, resolve and mitigate risks and vulnerabilities
• Monitors daily threat intelligence research and interacts with external security organizations
• Maintains endpoint security baseline standards and policies and ensures compliance with Desktop Engineering
• Reviews operation logs and event console activity to determine cause of network security-related events or to identify
potential security-related events
• Ensures all systems and networks are being monitored and logged
• Implements automation for security tasks
• Supervises the installation of new software and hardware
• Analyzes and implements new security protocols and technologies
• Maintains the integrity of hardware and software
• Assists IT Operations with patching and vulnerability management
• Stays informed of emerging security technologies and evaluates their value to the organization's operations
Identifying and defining system security requirements
• Analyzes and defines business requirements to determine specifications and standards; proposes and develops
security solutions
• Develops and implements detection use cases
• Develops and delivers complex security reports to management
• Audits, detects and remediates critical security exposures in private/hybrid/public Cloud Infrastructure
• Identifies new security threats by conducting continuous monitoring, penetration testing, vulnerability assessments
and log analysis
• Researches, evaluates, designs, tests, recommends and plans implementation of new or improved network security
software or devices: analyzes new or enhanced software applications or tool implementations for implications to
existing network security
• Maintains strong awareness of events in the external community to identify threats and opportunities for enhancement
Incident Response
• Acts as the primary point of escalation and investigation for security events
• Performs incident response, issue resolution, and assessment or communication of risk to the team and provides
support by monitoring real-time alerts
• Investigates security breach alerts
• Develops and maintains incident response procedures; trains stakeholders on appropriate action plans
Designing computer security architecture and developing detailed cyber security designs
• Translates information security strategy and hyper converged architecture into a highly available and secure
technical implementation in accordance with best industry practices
• Partners with ISO and stakeholders to provide secure and documented integrations for SaaS and application suites
• Establishes advanced cyber analytics through the use of software and security tools. Analyzes ecosystem to
proactively identify threats or potential threats
• Investigates and remediates cyber threats, works with internal and external parties when required
• Provides security configurations and solutions to identify and remediate threats
• Serves as a cyber threat hunter and reviews security events to identify and prioritize potential threats and trends
• Creates correlations and other logic to identify attackers and defend against advanced attacks
• Determines and develops security architecture approaches and solutions, conducts business reviews and develops
detailed specifications
Quality Control
• Abides by the Technology policies, standards, procedures and guidelines and follows ITIL best practices
• Reviews and creates documentation relating to upgrades, new releases and performance standards, and
ensures its ongoing currency and relevance to IT Security Policy
• Leads others in area of IT security specialization and ensures standards are followed and quality is achieved
• Provides all requested information and configuration documentation to the Internal Audit Division during the annual
Security Evaluation of Internal Control