Our Client is seeking a Security Engineer for a full time/direct hire role located in Pittsburgh, PA. The Security Engineer, is responsible for working with all technology services across the company. This position will specialize in network security and requires a strong knowledge of security controls and auditing. The Security Engineer is a hands-on role involving design, deployment, and support of complex security products. Qualified candidates should have a minimum of FIVE (5) years' of work related experience.
Assist in evaluating, planning, configuration and implementation of new/existing security applications/tools.
Configure, implement, monitor and support security software/systems that will help ensure compliance with Firm policies and procedures. This includes, but is not limited to, Anti0Malware/Anti-Virus, Phishing and SPAM controls, Vulnerability Management, Configuration Management, Vendor Remote Access, MFA/SSO, etc.
Responsible for development, execution and/or coordination of IT policies and procedures, compliance reviews, social engineering and phishing campaigns, end user awareness training, client audit responses, and third party risk assessments, etc.
Ensure security best practices are identified and integrated into all facets of the project including network, system designs/configuration, and implementation.
Identify and recommend potential areas where existing data security policies and procedures require change, or where a control is required to mitigate security risks while working with various teams to enhance security policies and procedures.
Assist in the identification, response, investigation, and remediation of potential breaches of and issues surrounding data security.
Manage relationships with third party providers of security monitoring and tools to ensure assets are being protected.
Proactively identify security problems, monitor performance trends, perform upgrades, and make recommendations to security hardware and software as required.
Perform periodic information risk assessments, conducts compliance monitoring activities, and initiate reoccurring penetration testing.
Responsible for providing support during off hours for security.
Track data security issues to closure in a timely manner by partnering with business units, communication solutions, and verifying remediation.
Minimum of five (5) years’ of information or network security-related experience.
One or more of the following certifications CISSP, CISA, GIAC is desired; matriculating candidates considered.
Working knowledge of some or all of the following: Anti-Malware, secure email gateway management, web proxy management, vulnerability management, risk assessment, vendor remote access management, MFA/SSO/SAML management.
Ability to understand technical implications of security threats.
Must have experience with information technology and information security policy and procedure development.
Must have experience developing and administering phishing and social engineering awareness campaigns as well as end user awareness training.
Skill in with performing internal auditing, responding to third party vendor security assessments is preferred.
Understanding of ISO27001/NIST principles preferred.
Bachelor's degree in an Information Security, Computer Science, Business or Engineering related program; Advanced degree preferred.
Internal Number: 18984
The most pressing issue for businesses today is the quest for growth, and more than innovation, operations or even customer relationships, CEOs are looking for talent and leadership to secure and sustain it. People are truly an organization’s greatest asset.
With an active nationwide database of more than 500,000 seasoned professionals, A.C.Coy employs the latest tools to manage effective recruiting. The technology helps to quickly identify and contact the right candidates with the skills and experience clients need.
The tools that A.C.Coy uses provide a unique perspective regarding culture, performance, leadership, and team "fit". And our integration methodology ensures that new leaders are integrated quickly and successfully without breaking stride.