Information Security Engineer
Remote - Phoenix, Arizona, United States
EVOTEK™ is North America's premier enabler of digital business with a focus on innovation. With technology offerings in data center and cloud, EVOTEK is uniquely equipped to enable customers with the industry shift from traditional IT computing to secure multi-cloud. With services practices in cybersecurity, mobility, platform engineering and AIOps, EVOTEK is moving up the value chain, closer to the part of digital business that matters most. EVOTEK was named to Inc. Magazine’s “Best Places to Work” in 2018 and 2020. For five consecutive years, from 2016-2020, EVOTEK was listed in The San Diego Business Journal's “Best Places to Work” and recognized in CRN's “Solution Provider 500” list, CRN's “Next-Generation 250” list, CRN’s “Triple Crown” and highlighted as CRN's “Top 150 Growth Companies”, holding the #1 spot in 2017 as the fastest growing system integrator in the country. In 2020, EVOTEK was named to the Inc. 5000 list as one of the fastest growing companies in America.
GENERAL JOB SUMMARY:
The Information Security Engineer is responsible for protecting the confidentiality, integrity and availability of our client’s Information Technology assets. This includes, but is not limited to, monitoring and securing network equipment, servers, desktop and laptop computers, software and electronic information.
ESSENTIAL JOB FUNCTIONS:
- Be aware of the IT security requirements for the business and implement measures to satisfy those requirements in the most efficient manner.
- Provide recommendations and guidelines for network and computer security policies & network security architecture.
- Coordinate and support information security efforts, to include, but not limited to: (a) work with application developers and database administrators to plan and implement application security on intranet and extranet (in the DMZ) servers; (b) provide guidance on risks and vulnerabilities related to common application protocols and web services security; and (c) participate in planning, design, and implementation of digital rights management and information protection schemes.
- Implement and monitor security controls that safeguard systems against all forms of malicious intrusions.
- Evaluate network architecture and hardware/software configurations for security vulnerabilities.
- Participate in the review and analysis of internal projects and external connectivity issues that may have an impact on security.
- Provide hardening baselines that adhere to OS and application implementations.
- Ability to manage and enhance corporate-wide security monitoring activities.
- Ensure the effectiveness of authentication, encryption, and intrusion detection methods.
- Establish procedures for controlling remote access to all network facilities and components.
- Coordinate with all concerned parties to ensure the currency of all security patches and updates, as well as anti-virus software.
- Experience with information security policies, intrusion response procedures, risk analysis, and significant experience administering the operations of a complex security infrastructure.
- Provide guidance for the assignment of network rights to the different user accounts and groups.
- Review security audits and bring awareness to security problems and issues.
- Keep abreast of emerging security technologies and make appropriate recommendations regarding their implementation.
- Promote a security philosophy of risk mitigation through proactive security awareness training, cost-effective security countermeasures, host-level security, and security planning/integration.
- Other duties may be assigned.
Other Job Functions
- Computer Security Incident Response –
- Must be able to analyze output from various technologies in order to effectively investigate security incidents using common methodologies such as PICERL or NIST SP 800-61. Applicants need to be able to determine not only the root cause and damage caused, but also the methods utilized by the intruder, as well as the ongoing potential risk and exposure to the breached system and to the greater client environment. Candidates must be able to analyze event logs and system logs from Windows operating systems, Unix/Linux operating systems, and firewalls/switches/routers, as well as Wireshark/Ethereal network captures.
- Malware Analysis –
- Experience performing analysis of Windows systems to identify and evaluate malware related compromise artifacts.
- Ability to identify actionable indicators of compromise based upon analysis of malware or forensic data.
- Scripting and programming experience (e.g., Python, Perl, C, C++, Java, Assembly Language, Shell Scripting).
- Strong research background and an analytical approach, especially with respect to event classification, event correlation, and root cause analysis preferred.
- Ability to maintain sensitive and confidential information as required by government standards.
- Ability to interact effectively with peers and supervisors.
- Ability to interact appropriately with clients when necessary.
- Ability to adhere to workplace rules.
- Excellent analytical, troubleshooting & interpersonal skills.
- Strong verbal and written communication skills.
- Self-motivated and able to work independently.
- Effectively translate technical risks and exposures into a business perspective through the form of reports and/or presentations.
EDUCATION AND EXPERIENCE:
- BA/BS in related field preferred. Equivalent experience/certification is acceptable.
- 4+ years of experience in technical information systems positions, with at least 2+ years of experience in a pure information security position (firewall engineer, IDS engineer, penetration tester, etc.).
- Relevant security certifications are a plus, such as GIAC, Security+, CEH and/or security-relevant product certifications (Splunk, Palo Alto, Cisco, etc.).
- CISSP and/or GSEC Certifications are preferred or the ability to achieve both certifications within 24 months.
- Understanding of IP networking, networking protocols and security-related technologies. These can include encryption, IPsec, PKI, RADIUS, VPNs, firewalls, proxy services, DNS, PGP, SSL, digital signatures and digital rights management.
- Experience with Security Audits, Ethical Hacking, and Vulnerability Assessments.
- Enterprise IDS Implementation and Testing.
- Operating System and Application Hardening.
- Incident Response Training.
- Information Security Education.
- System security and controls including.
- Experience with securing and monitoring various OS platforms – Windows, Linux, OS X.
- Solid understanding of Microsoft Active Directory, especially Group Policy Objects.
- Strong company culture.
- Competitive compensation.
- Benefits package that includes 100% paid medical, dental and vision for the employee.
- 401(k) with employer match.
- Flexible PTO policy.
- Flexible working arrangements.
- Annual company overnight retreat (employee + significant other).
Equal Opportunity Employer
EVOTEK believes that everyone has the ability to make an impact, and we are proud to be an equal opportunity employer committed to providing employment opportunity regardless of sex, race, creed, color, gender, religion, marital status, domestic partner status, age, national origin or ancestry, physical or mental disability, medical condition, sexual orientation, pregnancy, military or veteran status, citizenship status, and genetic information.