Description
Job Description:- Information Security Consultant on the Global Technology Risk Management team.
- This position is responsible for providing SME level security support for key functions and services supporting key initiatives.
- Provide SME level advisory support and liaison with third-party managed security service of centralized ePO platform managing McAfee Endpoint Security (VSE, Solid Core, HIPS.)
- SME lead for security vulnerability management program
- Level 3 support for security alerts received from MSSP/SOC
- Participate in PCI compliance activities and evidence gathering process
- Perform PCI vulnerability scans using Nessus
- Manage PCI external vulnerability scans using Trustwave
- Onboarding of new PCI level 2 locations into PCI management process
- Various PCI administrative and reporting functions
- Develop security documentation as required for compliance and risk assessment activities
Qualifications:
- The ideal candidate will have a strong information security background including previous experience with McAfee ePO and endpoint security products.
- The candidate should be well versed in vulnerability management tools and procedures.
- The candidate must have previous experience with PCI compliance in a merchant environment.
- The candidate will have a working knowledge of various network protocols, authentication models, and security architectures.
- Experience in a retail environment is preferred.
- The candidate must be capable of facilitating technical discussions in a team setting, capturing key technical concepts and diagrams, and providing easy to understand documentation.
- The candidate must be a highly organized self-starter who can work independently with minimal direction.
- 5 - 10 years IT Security
- Bachelor's degree - Business or IT with related experience
- Security certification: CISSP, GSEC, CEH, or Security +
- Excellent verbal and written communication skills
- Experience with Payment Card Industry (PCI) Report on Compliance (ROC) process
- Experience with McAfee ePO administration (VSE, Solid Core, HIPS)
- SME level knowledge of security scanning products (Nessus, Qualys, Trustwave)
- Administrator level knowledge - Windows and Linux environments
- Familiarity with Firewall administration concepts
- Proficiency with Microsoft Access, Word, Excel, Sharepoint, and Visio
- Experience developing complex Visio diagrams
- Security Operations Center (SOC) analyst
- IDS/IPS, NetGen Firewall administration
- Excellent problem-solving skills and ability to focus on details
- Technical writing and creating Visio diagrams