Information Security Engineer

Icann Los Angeles , CA 90009

Posted 4 weeks ago

Job Summary:

Continuous improvement of system and network event visibility. With extensive knowledge and experience with IP networking, DNS, packet captures, and Windows and Linux administration, this role will still be required to be hands-on to ensure the correlation between system and network security validation. Information Security Engineers may also be called on to assist with operations as needed. The duties require the consistent exercise of independent judgment and discretion with limited if any, supervision regarding technical issues requiring advanced knowledge.

Key Responsibilities & Duties:

  • Establishing testing protocols to identify and document potential security vulnerabilities of IT systems

  • Collaborate in designing, testing and documenting security programs and scripts (Snort rules, Splunk scripts and templates, etc.) to monitor and analyze network traffic

  • Test, configure and modify commercial information security solutions

  • Deploy, maintain and troubleshoot firewalls, network and host IDS and VPN appliances

  • Establish protocols for and conduct security vulnerability assessments of ICANN enterprise systems

  • Collaborate in the documentation of information security policies and the creation of security specifications and procedures

  • Respond to security events and incidents. Collect, analyze and archive electronic and written records, digital media, notes and other evidence. Document the analysis of results and assist in providing security advisories for all users. Identify ways ICANN can learn from security events and avoid repeat events

  • Lead projects to identify security issues proactively through analysis of network traffic, software and hardware testing, log review and consultation with users

  • Conduct forensic examinations of digital records, logs and other data

  • Guidance and oversight of various corporate security systems; such as Mobile Iron MDM, Lenel OnGuard Access Control console, DigiCert s/mime certificates, and others as needed

  • Work with IT End User Support staff to analyze security-related events to assist with escalation decisions

  • Oversee and coordinate security patching on ICANN production systems

  • Coordinate with vendors and external security teams to address security issues on SaaS systems

  • Other duties as assigned or requested

Required Knowledge, Skills, and Abilities (KSAs):

  • Subject Matter Expert on the following areas: Authentication; Cryptography; Authorization; Network Security; Application Security, Attack / Defense Techniques

  • Familiarity with use of Unix and Windows operating systems

  • Written and verbal communication skills for clear reporting

  • Knowledge of common vulnerabilities / OWASP Top 10 Cross Site Scripting, Cross Site Request Forgery, SQL Injection, etc.

  • Scripting skills such as: shell scripting, Python, Perl, or Ruby

Education and Experience

Requirements:
  • Bachelor's Degree required, Study in Computer Science, Information Technology or a related field desired

  • Minimum two (2) years of experience or equivalent

  • Experience with Puppet, Snort, etc.

  • Hands-on experience with risk assessment, vulnerability scanning, penetration testing, application firewalls, NAC, SIEM, IDS/IPS, and VPN

Language

  • Fluency, both written and spoken, in English, is required

  • ICANN is a global organization that values diversity; preference will be given to candidates with demonstrated skills in additional languages besides English

Working Conditions & Physical

Requirements:
  • Work is performed in a normal office environment with limited privacy and some exposure to background noise

  • While performing the duties of this job, the employee is frequently required to stand and walk. The employee regularly is required to sit. The employee is frequently required to talk or hear; use hands and arms to reach, handle or feel. Specific vision abilities required by this job include close vision, color vision, and ability to adjust focus.

  • The employee may occasionally lift and/or move up to 25 pounds

icon no score

See how you match
to the job

Find your dream job anywhere
with the LiveCareer app.
Mobile App Icon
Download the
LiveCareer app and find
your dream job anywhere
App Store Icon Google Play Icon
lc_ad

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
Security Compliance Specialist Information Systems Full Time 8 Hour Days (Salary) NonUnion

University Of Southern California

Posted 3 days ago

VIEW JOBS 1/16/2020 12:00:00 AM 2020-04-15T00:00 Provide Keck Medicine of USC operational, administrative and project support for the Information Security department whose purpose is to ensure the safety of Information Systems Assets and to protect systems from intentional or inadvertent access or destruction. This role includes, but is not limited to: Assists with designing, implementing and maintaining a comprehensive and effective privacy & security program for the hospital/health care entities. Provides consultative services on privacy and patient confidentiality issues. Participates in program development and implementation, policy and procedure development, compliance monitoring, developing and updating information security policies, standards and guidelines, and manages investigations. Develops and conducts privacy and security training and education. Responsibilities for this position include managing all Information Services audit requests; organize and fulfill all eDiscovery requests made to the IS department; manage the PCI DDS program for the organization; critical communication pathways across entire hospital/health care entities and University for compliance related topics. Provide administration for support and delivery of Keck Medicine of USC's security policies and systems. Participate in IS audit requests, particiapte in the development of policies, standards, procedures for the general operation of the InfoSec Team. Lead the PCI program for IS, and develop and manage a user awareness, education and training program focused on security priniciples. Will work on assigned projects both independently and as part of a team. Provide direction and leadership in the creation, maintenance, and enforcement of IS Policies. Participates in creation of new policies and/or updates to existing policies based on new solutions and/or the ever-changing cybersecurity landscape. Minimum Education: Required Education/Experience: * A Bachelor's in a related field. * PCI and HIPAA experience required * Demonstrated understanding of healthcare operations * Or the equivalent combination of experience and education that would demonstrate the capability to successfully perform the essential functions of this position. Preferred: * Thorough knowledge of state and federal regulations pertaining to HIPAA compliance program rules * Thorough knowledge of federal regulations pertaining to PCI compliance program rules Minimum Experience/Knowledge: Minimum Experience * Three (3) years' experience in Compliance Knowledge, Skills, and Abilities: * Strong interpersonal skills and ability to deal effectively with diverse personalities and skill sets. * Ability to effectively interact with internal and external parties in resolving security complaints. * Excellent oral, written and presentation skills. * Analyze, asses and evaluate situations, circumstance, data, etc. to create recommendations and report on outcomes * Conceptualization and design
 education, training and awareness programs (including but not limited to newsletters, alerts, online Healthstream training, phishing programs, etc.) * Interpretation of policies, trends, etc. in the Information Security space * Problem solving skills and ability to work under pressure * Knowledge of applicable federal and state laws/regulations/policies/principles/etc. * Project management principles * Able to effectively explain information and influence others in straightforward situations * Able to make appropriate decisions within guidelines and policies * Able to effectively prioritize own work to meet changing deadlines. Fire and Safety Certification. If no card upon hire, one must be obtained within 30 days of hire, and maintained by renewal before expiration date. USC is an equal opportunity, affirmative action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability, or any other characteristic protected by law or USC policy. USC will consider for employment all qualified applicants with criminal histories in a manner consistent with the requirements of the Los Angeles Fair Chance Initiative for Hiring ordinance. We provide reasonable accommodations to applicants and employees with disabilities. Applicants with questions about access or requiring a reasonable accommodation for any part of the application or hiring process should contact USC Human Resources by phone at (213) 821-8100, or by email at uschr@usc.edu. Inquiries will be treated as confidential to the extent permitted by law. Read USC's Clery Act Annual Security Report Required Legal Notices Certain positions are subject to background screening If you are a current USC employee, please apply to this USC job posting in Workday by copying and pasting this link into your browser: https://wd5.myworkday.com/usc/d/inst/1$9925/9925$40745.htmld University Of Southern California Los Angeles CA

Information Security Engineer

Icann