Security Lead Engineer

Company: Forensic Risk Alliance
Location: Cranston
Posted on: June 24, 2022

Job Description:

ResponsibilitiesAs part of the Global IT Team team, the Security Lead Engineer reports directly to the Director of IT and is responsible for the implementation and administration of network security hardware and software, enforcing the security policy and complying with requirements of security audits and recommendations. - The Security Engineer Lead needs to keep current on the latest threats and technologies to combat those threats and comply with all standard security practices. - Occasionally, this role may engage with FRA clients and would lead work streams with external certification firms. With their highly specialized skill and knowledge, the Security Lead Engineer would function as an SME to the IT Director and entire IT Team.Principle duties

• Architects, designs, implements, maintains and operates information system security controls and countermeasures
• Supervises and trains team members in the administration of these systems; documents the operation, use, and expected outputs of these systems.
• Analyses and recommends security controls and procedures in business processes related to use of information systems and assets, and provides oversight to ensure compliance.
• Monitors information systems for security incidents and vulnerabilities; develops monitoring and visibility capabilities; reports on incidents, vulnerabilities, and trends to IT or executive management.
• Oversees the response to information system security incidents, including investigation of, countermeasures to, and recovery from computer-based attacks, unauthorized access, and policy breaches; engages, interacts and coordinates with third-party incident responders, including law enforcement.
• Oversees the administration of authentication and access controls, including provisioning, changes, and de-commissioning of user and system accounts, security/access roles, and access permissions to information assets.
• Analyses trends, news and changes in threat and compliance environment with respect to organizational risk; advises organization management and develops and executes plans for compliance and mitigation of risk; oversees risk and compliance self-assessments, and engages and coordinates third-party risk and compliance assessments.
• Analyses and oversees the development of information security governance, including organizational policies, procedures, standards, baselines and guidelines with respect to information security and use and operation of information systems.
• Oversees the development and administration of information security training and awareness programs.
• Assesses security of existing systems, identify potential risks and create mitigation options
• Work alongside FRA developers, providing expert leadership and advice on secure architecture, design, and implementation
• Coordinate and conduct security testing, prioritise fixes
• Maintain the strategic roadmap for security at FRA and be its advocate
• Manage, develop and motivate team members to support an environment which builds accountability for commitment to service delivery, business partnering, meeting objectives and sets the tone for continuous review
• Manage resource allocation, monitor utilisation rates of team members and support strategic workforce planning and recruitment of key roles
• Support talent acquisition efforts by leveraging external networks to source candidates and leading Qualifications, Skills and Experience
  • Bachelor's Degree Computer Science, Cybersecurity, or related field required; Advanced degrees/ certifications strongly preferred
  • Minimum 5 years of experience in an Information Security related role, ideally in a multi-office global environment
  • Experience with reverse engineering, vulnerability research, and penetration testing
  • Experience with threat modelling
  • It is also desirable for the role holder to have experience in applied cryptography
  • Demonstrable ability to clearly articulate complex and technical findings in both written and oral presentations for a variety of audiences
  • Excellent analytical and problem-solving skills, strong work ethic, attention to detail and an enquiring mind
  • Self-motivated with the ability to work in a fast-paced environment
  • Experience with the ISO 27001 framework
  • In-depth knowledge of applicable data privacy practices and laws and how these need to be considered as part of service delivery and ongoing developments
  • Strong understanding of project management principles
  • Must be flexible with potential travel requirements, both domestic and international
  • CISSP or equivalent certification a strong plusFRA operates a hybrid working policy, where time can be split between home and the office. The split of time will be dependent on the work activities underway at specific times. This job description is to be used as a guide for accomplishing company and department objectives and is not intended, and should not be construed to be an all-inclusive list of responsibilities, skills, efforts or expectations associated with a job. The management team reserves the right to modify, add or remove duties from jobs and to assign other duties as necessary.FRA is an Equal Opportunity Employer (EOE). We will not unlawfully discriminate against any protected characteristics, or any other category protected under applicable legislation, federal law, state law or local law. In addition, if you need assistance or accommodation during the application process because of a disability, this is available upon request.

Keywords: Forensic Risk Alliance, Cranston , Security Lead Engineer, Engineering , Cranston, Rhode Island