The Platform Security Engineer is responsible for implementation, configuration, automation, management, and maintenance of security related platforms. The Engineer is a technology and process focused security professional with an emphasis in information security, secure system implementation, and maintenance. The Engineer will review, assess, recommend, automate, and implement technical controls to ensure the security platforms are well managed and resilient. The Engineer will also ensure that routine maintenance and configuration management are well maintained.

Information Security Control Design and Maintenance

• Maintains an inventory of key security platform related risks
• Reviews, develops, and implements security vendor agreements, and security exceptions to control standards as they relate to security platforms and services
• Conducts technical security reviews and assessments of current systems and processes
• Monitors and tracks remediation activities to address weaknesses and issues discovered through platform reviews
• Provides periodic reporting including assessment findings and recommendations for improvement
• Maintain security solutions including proper operation, patch upgrades and vendor management
• Provides oversight and direction for specific security technologies
• Review existing tool sets, identify operational gaps, and recommends security enhancements
• Assist in achieving security architecture compliance on requirements, including Sarbanes-Oxley, payment card industry standards (PCI), HIPAA/HITECH, global data privacy requirements, as well as state and federal regulations
• Provides technical lead on individual security projects across multiple technologies including infrastructure, secure electronic data transfer, network security, platform security and application security
• Investigate opportunities to update security system capabilities to sustain and enhance network and system security integrity through configuration and automation
• Evaluate and recommend new and emerging security products and technologies

Education & Experience

• College degree in Computer Information Systems, Computer Science, Information Systems Management, or equivalent professional experience
• A minimum of 6 years of progressively responsible experience in the management of information systems with at least 4 years of formal experience in information security.
• Experience with:
  • Security Technologies / Methodologies
  • IT Audit/Risk Management
  • Information Security Metrics and Reporting
  • Systems Control Review Process
  • Systems Administration

Certifications

• Certification in information security disciplines such as: CISSP, OSCP, GIAC – GDAT, GMON, GCIA, GCED, GSEC, etc. or from security specific product/service vendors.