EagleBank

Receive alerts when this company posts new jobs.

Similar Jobs

Job Details

Senior Information Security Engineer

at EagleBank

Posted: 4/7/2020
Job Status: Full Time
Job Reference #: 1089
Keywords:

Job Description

Category
Technology
Position Type
Full-Time/Regular
Job Location
Silver Spring, MD
Tracking Code
1089-948

GENERAL SUMMARY:

Senior Information Security Engineer is responsible for monitoring, analyzing and maintaining EagleBank’s technical security controls in support of EagleBank’s Information Security Program. This role will be focused on maintaining the security of the EagleBank applications and network which includes creation and timely execution of project plans, tool installations, assisting with upgrades of EagleBank’s technology environments and integrating risk-based threat intelligence into the operational environment. The role also supports the ability to maintain assurance in our technical security controls so that risks to the confidentiality, integrity and availability of EagleBank’s information systems and infrastructure are sufficiently mitigated which in turn, supports the bank’s operational goals. The role will also perform triage and analysis of security events escalated from the Tier1 and Tier-2 support teams.

MAJOR DUTIES AND RESPONSIBILITIES:

  • Maintain an efficient and secure IT infrastructure.
  • Assist in the execution of information security projects with other engineers, vendors and consultants.
  • Review, analyze, and evaluate network security tools and document, troubleshoot, and remediate issues.
  • Develop and evaluate security procedures for IT Department
  • Analyze reports, monitor alerts and review reports to monitor activity and document findings and recommend corrective actions.
  • Conduct security assessments and product integration
  • Audit security procedures ensuring compliance
  • Handle basic issues and problems and escalate complex issues to other Network or Security Engineers, upper management and/or third party vendors when appropriate.
  • Work with managed service providers, network administrators, and Security Operations to resolve problems, evaluate new solutions, recommend changes, and investigate incidents.
  • Analyze reports, identify, and distribute action items or service tickets to support teams or vendors to address workstation, server, or network issues.
  • Plan, implement and upgrade network security tools running in the physical and virtual environments.
  • Document and Submit Change Management events in appropriate forms and represent changes to Change Advisory Committee.
  • Ensure confidential data is secure (i.e. proprietary network information)

Required Education/Experience:

  • Bachelor’s degree in Computer Science or Information Systems, Information Technology or related focused technical training or in lieu 4 additional years of engineering and project management experience.
  • 7 years’ experience in a combination of information security operations/engineering/administration with emphasis on deploying security products.
  • 4 years’ experience with designing and implementing information security technologies required
  • 3 years’ experience remediating vulnerabilities in a windows environment required
  • Intimately familiar with security tools (Vulnerability Management, SIEM, Network Anomaly Detection, Endpoint Security, Web proxies, email gateway, etc.)
  • Experience working on VMware virtualized environment

Preferred Education/Experience:

  • Experience with information security on the public cloud (Azure/AWS) environment
  • 3 years security engineering/administration in the financial sector

Required Certifications, Licenses or systems needed :

One or more of the following certifications (or equivalent):

  • SANS GIAC Certifications such as
    • GPPA: GIAC Certified Perimeter Protection Analyst
    • GCIH: GIAC Certified Incident Handler
    • GPEN: GIAC Penetration Tester
  • Cisco Certified Network Associate Security (CCNA Security)
  • EC-Council Certified Ethical Hacker (CEH)

Preferred Certifications, Licenses or systems:

One or more of the following certifications (or equivalent):

  • SANS GIAC Certifications such as
    • GSAE GIAC Security Audit Essentials
    • GWAPT GIAC Certified Web Application Penetration Tester
    • GSE GIAC Security Expert
  • EC-Council Certified Security Analyst (ECSA)
  • ISC2 System Security Certified Practitioner (SSCP) or other ISC2 or ISACA certifications

Required Knowledge & Skills:

  • Knowledge of TCP/IP networking: networking topology, protocols and services.
  • Familiarity with at least one security best practice standards such as the Center for Internet Security (CIS) Top 20 Critical Security Controls, NIST Cybersecurity Framework, FFIEC Regulatory Cybersecurity Standards, ISO27001 controls, PCI-DSS, or equivalent.
  • Excellent knowledge of SEIM, NBA or UEBA tools.
  • Excellent knowledge of Microsoft Operating system. Knowledge of Linux operating system is a plus.
  • Strong Information Security Administration knowledge.
  • Strong Active Directory and Windows Group Policy knowledge.
  • Working knowledge of SQL database administration preferred.
  • Knowledge and experience of Unified Threat Management, SIEM technologies, Virtualization, Windows Desktop and Server operating systems, firewall technologies, application layer security controls, and IDS/IPS technologies.
  • Networking technology and protocols, including routers, switches, VPNs, Citrix, email gateways, etc.
  • Requires skill in providing expert input into technology projects.
  • Assist the Tier-1 and Tier-2 escalations with troubleshooting and working through ServiceNow tickets.
  • Vendor management knowledge preferred.

Application Instructions

Please click on the link below to apply for this position. A new window will open and direct you to apply at our corporate careers page. We look forward to hearing from you!