Systems Information Security Engineer

Company: The Washington Trust Bank
Location: Spokane
Posted on: June 8, 2021

Job Description:

The Systems Information Security Engineer is part of the Information Security Office team and responsible for support of following information security areas: Information Security Configuration Management, Endpoints, Databases, Core processing systems, and Information Security Systems Architecture & Consulting. This is a hands-on position that works closely with Information Security team members on continues assessment and hardening of bank's information security posture, maturity level and risk assessments. Acts as a liaison to IT team regarding information systems security architecture, configuration and posture assessment and verification. Prepares analyses, metrics, Key Risk Indicators (KRIs), and evaluations to ensure compliance with bank policies, standards, and security regulations.

ESSENTIAL FUNCTIONS

Information Security Configuration Management

• Supports Information Security Office to maintain and enhance the security posture of the bank's systems, endpoints (on-premises and cloud), database / data, and core processing systems.
• Assists with the implementation of secure baseline configurations, incorporates secure configuration settings for Information Security, IT product and services and integration of third party provided systems.
• Monitors and maintains information security tools and solutions for effective operation, peak performance and orchestration of the posture.
• Ensures information security standards, procedures and guidelines in compliance with bank regulations (e.g. FFIEC, NIST, PCI, etc.).
• Assists the Information Security Office with various activities associated with the banks Operational Risk Management Program.

Endpoints/Databases/Data/Core Processing Systems Security

• Identifies opportunities to improve endpoints (on-premises and cloud), core processing platform security through the implementation of secure frameworks, establishments of standards, procedures, and guidelines.
• Works closely with IT team to analyze the current network and applications security posture to detect critical deficiencies and recommend solution for improvements.
• Works with Information Security team to assist with building of new controls, automation and resolving gaps or identified issues with security technologies.
• Assists in supporting all reporting, metrics, and Key Risk Indicators (KRIs) requirements for security applications, tools, and services.
• Support implementation of static and dynamic application security testing.
• Support implementation and management of data loss prevention and data discovery tool.
• Management and configuration of endpoint security tools, including antivirus, antimalware, application control and EDR.
• Documents necessary endpoints, databases, and core processing systems security design including project postmortem documentation and metrics collection and reporting.
• Works with IT staff and project managers to resolve security related issues with network, systems, and applications during implementation and ongoing.

Information Security Architecture & Consulting

• Performs analysis of information systems security architecture needs and contributes to design, integration, and tune- up of required hardware and software.
• Identifies and defines initial information security design and architecture requirements and ensure implementation and verification throughout the life cycle of projects and services.
• Provides information security consulting across the organization and assists in defining individual information security requirements for applications bank-wide.
• Assists developing training material that covers organizational policies, procedures, tools, artifacts, and monitoring requirements.
• Documents information security processes and procedure as needed.
• Follows established change management procedures.

OTHER FUNCTIONS

• Participates in incident response and vulnerability remediation efforts.
• Participates in on-call rotational duties with other team members.
• Regular, reliable attendance is required.
• Performs compliance and risk management duties as required or assigned.

KNOWLEDGE/SKILLS/EXPERIENCE REQUIRED

• Bachelor's degree in Computer Science, MIS or related technical field or equivalent related work experience.
• 3 - 5 years of experience in configuration of secure systems, endpoints, databases, and core processing systems.
• Experience with endpoints, databases, and core processing systems hardening and compliance (FFIEC, NIST and PCI).
• Network, systems, application information security certification preferred (GIAC's GCCC, GPPA, GCWN. CISSP, SCCP, CEH, GSEC).
• Experience with Common Secure Configurations (i.e. STIGs, CIS) and other industry security checklists / benchmarks
• Experience in assessing the risk of a proposed solution, escalating appropriately and driving to closure.
• Technical knowledge of systems engineering, networking/cloud and software architectures.
• Demonstrated proficiency with various security applications and investigation / forensic tools.
• Extensive knowledge of networking protocols and security implications.
• Excellent communications and interpersonal skills; ability to collabo

Keywords: The Washington Trust Bank, Spokane , Systems Information Security Engineer, Other , Spokane, Washington