IT Security Engineer
- Job Ref: 3920
- Location: Dublin, Ireland
- Type: Permanent
About your role
- The IT Security Engineer’s role is to support the Information Security & Compliance Officer in the management of all technology-related security and compliance issues across the organization including information security, privacy, disaster recovery, business continuity, user access and data integrity.
- You will work with our Sales, Customer Success and Legal departments on all IT Security related matters in the areas of Customer / prospect review, audit and RFPs.
- You will also work closely with technology teams on the implementation of policies, procedures and controls to ensure that the organization's practices remain compliant with industry best practice standards, as well as implementing and managing security technologies that will maintain and raise the overall security posture of the company, while providing assurance to senior management and customers.
Responsibilities, Skills & Qualifications
Here’s just some of what you will be doing:
- Work with the Sales, Customer Success and RFP support teams on issues relating to Information Security in response to both Customers' and Prospects' evaluation of the company.
- Manage the Third Party / Supplier review program ensuring that all new suppliers / potential suppliers meet minimum security standards and working with existing suppliers to improve their Information Security stance.
- Work with internal communications / HR staff to develop, plan, implement and deliver ongoing Information Security awareness and privacy training across the organization including the development of metrics.
- Develop and implement a program of reviews / measurement to provide assurance of compliance with policy (to include System / User access reviews, Firewall rules reviews etc.)
- Create and roll out appropriate Information Security / IT policies as required. Review existing policies and their implementation.
- Identification, evaluation and documentation of Risks and, where necessary, the development and management of mitigations.
- Business Continuity co-ordination – work with business areas on the development and testing of practical BCP plans for each department.
- Provide technical input to all implementations / development solutions ensuring industry best practice standards are adhered to by all.
- Implement a meaningful set of monitoring / metrics from IDS / File integrity checking / Logs to ensure good visibility of network activity. Refine the results according to the current threat landscape.
- Manage a regular external and Internal Scanning / Pen Testing program to provide assurance for both management and customers of the security status of the environments and make such testing an integral part of the SDLC.
- Research, evaluate, test and implement security products as required.
Required skills and experience:
- A minimum of five (5) years of IT experience, with three years in an information security role or managing security technologies.
- Solid understanding of industry best practice standards such as International Standards Organization (ISO) 2700x, the IT Infrastructure Library (ITIL) and Control Objectives for Information and Related Technology (COBIT) frameworks.
- Familiarity with applicable legal and regulatory requirements, including, but not limited to, GDPR, Privacy Shield, PCI-DSS, the U.S. Sarbanes-Oxley Act, the U.S. Health Insurance Portability and Accountability Act (HIPAA) and PIPEDA is desirable.
- Excellent verbal, written and interpersonal communication skills, including the ability to communicate effectively with the IT organization, management and business personnel.
- Strong project management skills and experience in creating and managing project plans.
- Strong analytical skills to analyze security requirements and relate them to appropriate security controls. Ability to provide innovative solutions to issues and problems.
- Up-to-date industry knowledge and participation in industry forums to ensure access to the latest threat vectors etc.
- Knowledge of risk frameworks / methodologies is desirable.
- A knowledge of Agile development methodologies.
- An understanding of operating systems, network protocols and cloud technologies to include a good knowledge of Active Directory, IP addressing, and firewall technologies. Experience in application technology security testing.
- Experience in security testing (vulnerability scanning and penetration testing).
- Knowledge and experience in Log management, IDS / IPS, file integrity software. Splunk experience an advantage.
Education and Qualifications
- Diploma or degree in Computer Science or IT related discipline or equivalent.
- CISA/CISSP or GISP:GIAC certification highly beneficial or other security related technology certifications.
- Cloud certification beneficial.