Enterprise Security Analyst
The Security Engineer is responsible for maintaining, evaluating and testing the security of 18F systems. The Security Engineer will assist with the ongoing protection of 18F digital assets, and the maintenance and expansion of the 18F enterprise security program and architecture.
The Security Engineer must be actively engaged with and informed about current threats and countermeasures. The Security Engineer will monitor and analyze systems, network traffic and behavior in order to detect and address threats to the organization, making recommendations and applying countermeasures where necessary.
The Security Engineer should be highly technical and proficient with Information Security practices.
Core Security Responsibilities
- Works with the Information Security Team to maintain a comprehensive Enterprise Information Security Program based upon industry standard best practices and compliance mandates.
- Assists with the development, enforcement, and maintenance of policies, procedures, measures, and mechanisms to protect the confidentiality, integrity and availability of data/information and to prevent, detect, contain, and correct information security breaches.
- Assists with all security activities within Information Technology. Assists with policy and procedure enforcement.
- Identifies security protection goals, objectives and metrics consistent with Enterprise best practices
- Promotes a culture that considers information security in all day-to-day activities
- Assists with providing logical and physical security and integrity of all systems and data
- Supports IT teams on security-related consulting services and on projects including deployment and maintenance of policy enforcement tools, techniques, and reporting
- Participates in change and configuration control processes and reviews
- Raises security awareness among the IT staff and business stakeholders
- Performs risk assessment on the information assets of the organization and recommends controls in light of the value vs. threat vs. vulnerability vs. cost
- Works with outside consultants as appropriate for independent SOX/PCI security audits
- Assists infrastructure teams with prioritizing patches and security fixes.
Detailed Security Responsibilities
- Analyzes the logs of the various systems for suspicious activity
- Develops a repeatable and consistent monitoring plan for security components such as IDS, vulnerability management and log management.
- Responds to network security incidents
- Responds to 24/7 security alerts in a timely manner; prepares for and provides rapid response to security threats such as virus attacks
- Participates in the evaluation, selection and implementation of security products and technologies
- Maintains network-based intrusion detection systems
- Maintains the established vulnerability management program
- Supports anomaly detection and correlation tools, and provides in-depth analysis of events detected by these applications.
- Evaluates the security impact of changes to the network, including interfaces with other networks
- Monitors information system access to MS-Windows, MS SQL Server and UNIX systems; handles security reporting; and supports auditors, examiners and end-users during information security audits
- Documents procedures and activities, assists with the creation of new policies and reviews of established policies.
- Works with end-user ticket requests for various types of access while adhering to established processes.
Communication / Reporting
- Represents the security team on organizational security project teams, and with external organizations
- Communicates the Enterprise's security policies, including compliance issues, risks, and incidents to IT managers and users
- Produces security/risk status reports on metrics for key security functions
- Shows a commitment to continual self-improvement in order to learn and stay current with security and compliance methodologies, processes/best practices, and related technologies – shares information gained with co-workers.
- Passion for technology and Information Security.
Send your Cover Letter and Resume, including salary history, to:
Human Resources at
One Old Country Road
Carle Place, NY 11514
Only Qualified Applicants Will Be Contacted.