Description
Link Technologies is currently looking for a Security Operations Lead Engineer for a contract position in Las Vegas, Nevada.
ESSENTIAL JOB FUNCTIONS
Position Statement:
The Security Operations (SecOps) Lead Engineer for our client is responsible for implementing the Data & Digital Security (DDS) program and strategy at a tactical and operational level (network, infrastructure, applications and databases) to ensure that security controls are functioning efficiently and effectively, more specifically in the realm of security logging, monitoring, alert management, incident handling, vulnerability and configuration management. Furthermore, this position also supports the DDS Team in doing security research and development, product evaluations, consulting, project support, and any other operational tasks needed to support the overall requirements of the program and strategy.
The SecOps Lead Engineer provides technical expertise to establish and implement security related standards, procedures, and guidelines appropriate to securing the existing environment in partnership with various properties and Information Technology.
Operational Planning & Management
- Act as the central advisor to the properties and network/infrastructure teams and offer solutions to new risks and threats
- Support the SecOps Team on their activities working directly with the network/infrastructure teams and project teams, that is be able to take on hands-on work as needed (eg, tight deadlines, issues, etc.)
- Support the SecOps Team with penetration testing and vulnerability threat assessments, security reviews and assessments, Firewall rule changes, IPS fine-tuning, etc. as needed, of new systems, network changes, third-parties, etc. as part of projects
- Review and sign-off on all recommendations on possible improvements resulting from the work performed as part of projects
- Provide official sign-off on projects after reviewing all security deliverables prepared by the SecOps Team
- Support the activities of the SecOps Team with the DDS NIS Protection Systems once they are in place (including various infrastructure and network security tools such as Firewalls, IPS, anti-malware tools, etc.)
Security Risk Management
- Manage the SecOps aspect of various audits, PCI, assessments, etc. to ensure that all outstanding findings and gaps are resolved by the various properties and IT
- Partner with the DDS Management Team to build an integrated end-to-end security risk and compliance framework to protect the Company's information assets and supporting resources
- Act as the main point of contact for the design and deployment of the company's security risk management framework as it relates to SecOps
- Develop, implement and manage security policies, standards, procedures, and guidelines that will assist the network/infrastructure teams in integrating security requirements in the network and operating systems
- Be a major influence in promoting the technical understanding of new and existing information security standards, solutions and tools with respect to network and systems
- Using the DDS security risk management framework, ensure that all SecOps activities (eg, penetration testing, vulnerability threat assessments, threat modelling, security reviews and assessments, code reviews) are conducted with the utmost quality
- Develop and manage detailed security reviews and assessments, security exposure analysis of the network architecture and overall infrastructure: (1) Assess potential damage of security flaws and assist in the implementation of corrective actions; (2) Identify, document, and report security issues and concerns to management; and (3) Monitor corrective actions and recommending cost-effective preventive measures to preclude recurrences
- Review and sign-off on all SecOps deliverables including recommendations and remediation plans; this activity is executed in close collaboration with the Security Risk & Compliance Team
- Monitor the effectiveness of corrective actions and recommending cost-effective preventive measures to preclude recurrences
- Identify areas that would benefit Internal Audit, External Audit and other regulators to enable them to streamline their audit activities and leverage DDS security tools and processes; manage the overall integration of these groups within DDS
Incident Management
- Perform as the SecOps subject matter expert for the Incident Response team and investigating any possible incidents impacting the company
- Support the activities of the SecOps Team in all SOC procedures
Research & Development
- Design, implement and manage a SecOps lab to perform all required security assessment, reviews, testing, etc. including evaluating, selecting, deploying and managing network and infrastructure security tools
- Evaluate and participate in outsourcing and/or third-party initiatives that would outsource data processing and management
- Provide technical briefings to the CISO and other key stakeholders such as the CTO on current security issues; contribute to the technical understanding and promotion of new and existing information security standards, solutions and tools; serving as a technical communication channel to the CISO
- Provide R&D and consulting support to the DDS team, IT and business projects as needed
Documentation, Reporting & Analytics
- Contribute to the design and implementation of an operational reporting framework that will provide regular metrics and statistics about our business and IT environment; analyze trends in security events, activities, etc. to better understand risks, insufficiencies in our solutions, staffing shortages, etc.; report security metrics and statistics to the CISO and other key stakeholders such as the CTO
- Document and follow-up on security exceptions relating to IT and property activities that could negatively impact security risks and/or not adhere to established policies, standards, or procedures
- Manage all SOC requirements with regards to SecOps metrics and ensure that metrics are gathered on a daily basis
- Manage all SecOps metrics for the quarterly CISO dashboard and other reporting requirements
Performance and Training Management
- Provide training and advice to less experienced security staff and/or other non-security professionals (IT, properties, eg)
- Self-manage career in security by leveraging available courses in-house and courses offered externally; prepare a career plan for short-term and longer-term performance management
Organizational Planning and Management
- Contribute to projects with the IT and property teams and for projects internal to DDS
- Assist with general administrative activities in collaboration with all team members
- Support vendors' activities and relationships
- Prepare project plans and associated documentation
- Prepare status reports and other management metrics as needed
KNOWLEDGE AND EXPERIENCE
- 7+ years of work experience in computer support, programming or operations required.
- Requires knowledge of operating systems, relational database architecture, Client Server technology, computer science, business data processing, database analysis and design theory skills, information engineering skills, transaction processing systems, relational database architecture, wide and local area networks, communications protocols, Real Time systems, mission-critical systems, industry standards and FCC regulations, and various types of computer terminal equipment.
- Strong analytical skills, problem solving skills and project management skills.
- Extensive training in engineering disciplines including systems programming, systems design, computer technology and software disciplines.
- Operations management, project management, and system implementation management skills.
EDUCATION
- Bachelor's degree or equivalent business experience in Computer Science, Database Administration, MIS or Electrical Engineering required
- CISSP, CISA, CISM, GSEC, or related certification(s) required
To apply, please send your Resume in MS Word format and reference Job ID # 3431. We look forward to working with you!