Assurant IT Security Engineer in Miami, Florida
The Security Engineer is responsible for supporting various security technologies and infrastructure in alignment with the Assurant Information Security Program, related information security policies and standards, regulations, practices, and procedures. This position will execute information security processes and procedures in support of all Assurant businesses. It requires a strong understanding of the following facets of information security: security engineering application security, infrastructure security, security event monitoring, intrusion prevention, incident response, eDiscovery, and forensic, regardless of operating system platform.
Key Objectives * Implement and support solutions that comply with Assurant Information Security Policies and Standards. * Supports technologies related to applications, infrastructure, and end-point security. * Identify, research, report, and track hardware/software vulnerabilities, and execute mitigation strategy/efforts. * Suggests and develops security measures, practices, and processes to safeguard information against accidental or unauthorized modification, destruction, or disclosure. * Participates in the measurement and reporting of compliance activities with approved information security policies and standards to management. * Maintain a balanced knowledge base of information security management industry practices and regulatory requirements as well as technology-based security solutions.
60% Operational/Process * Support existing and emerging security infrastructures, frameworks, methodologies, and platforms. * Participate in the testing of security solutions and reporting observations to reporting management. * Participate and recommend gap remediate efforts in regards to Information Security. * Conduct security reviews of security infrastructures, frameworks, methodologies, and/or platforms and produce detailed documentation. * Answer service calls and meet service level agreements. When required, escalate issues to vendors and/or other support teams. * Assist in the incident response process as required. * Provide support for mergers, acquisitions, and divestitures.
30% Strategy * Support information security implementations & promote Information Security policy enforcement throughout Assurant. * Provide security engineering recommendations and guidance to security leaders and stakeholders. * Support gap remediation efforts as directed by security leaders. * Assist with investigating the potential impact of technologies and communicate findings to security leaders. * Engineer technology platforms and infrastructures in alignment with Assurant security standards and strategic roadmaps. * Develop basic secure standards, requirements, diagrams, and/or documents for security infrastructures, frameworks, methodologies, and/or platforms needs. * Reviews technical solutions and make recommendations in alignment with Assurant security requirements. * Collaborate with various security teams on infrastructures, frameworks, methodologies, and/or platforms needs.
10% Leadership * Manage and lead security projects and/or initiatives. * Provide technical support for security initiatives involving security infrastructures, frameworks, methodologies, and/or platforms. * Provide mentorship for Security Analysts. * Educate peers, security personnel, and other security staff about security infrastructures, frameworks, methodologies, and/or platforms
Basic Qualifications: * 5 years of experience in the field of IT, information security, security event monitoring, incident response, eDiscovery forensic, infrastructure administration, compliance, security administration, audit and/or risk * 3 years of experience in managing projects. * A broad range of exposure to all aspects of system maintenance, lifecycle management, technical support, systems analysis, risk management, application development and change management.
Preferred Qualifications: * Bachelor's degree in Business, Computer Science, Engineering, Information Security or related discipline or equivalent experience. * Experience with the following security platforms (ArcSight, McAfee ePO, Exabeam, Firepower, etc). * Active security certification desired or willingness to obtain. o CompTia Security o GIAC Security Essentials o Certified Security Analyst (ECSA) o Certificated Ethical Hacker (CEH) o Offensive Security Certified Professional (OSCP) o Certificated Information Systems Security Professional (CISSP)
Other Knowledge and Skills: * Proven leadership skills. * Excellent written and verbal communications. * Ability to manage multiple and complex priorities. * Solid understanding of the following areas: information security, system administration, IT support, compliance, audit, risk management, and change management. * Expert knowledge of Security Infrastructure controls (networks, server and end user computing devices) system administration, and business continuity planning and practices. * Expert knowledge of the information security engineering and system lifecycle support. * Strong application and infrastructure security experience (i.e. Anti-virus, firewalls, cryptographic management (PKI), network protocols, filtering, etc). * Strong experience with security tools used to find security vulnerabilities (i.e. web, OS, infrastructure). * Strong experience with incident response. * Practical knowledge of programing languages used to automate and/or enhance security process. * Solid understanding of operating system internals, networks, applications, databases, and cloud technologies. * Strong knowledge of relevant security standards (NIST, ISO, PCI , etc) and ability to align them to secure engineering designs. * Strong knowledge of technologies that support including, but not limited to: # Authentication and authorization # Identity and Access Management # Networking # Web technologies # Application servers # Database Management Systems # Web Application Firewalls # Web services # End-Point Security # Data Loss Prevention # Forensic’s tools * Familiarity information security investigations and forensics * Familiarity with legal, regulatory and industry security requirements and frameworks.
Job: *Information Technology
Title: IT Security Engineer
Requisition ID: 56180