GENERAL DESCRIPTION OF WORK:

The Senior Security Engineer’s role is to serve as the primary architect and SME (subject matter expert) for all information security-related initiatives and implementations. They will serve as a mentor to the junior members of VIA’s Information Security Department.

ESSENTIAL FUNCTIONS:

Develops, implements, maintains, and oversees enforcement of policies, procedures, guidelines, and associated plans for system security administration and user system access based on industry-standard best practices to ensure the safety of information systems assets and to protect systems from intentional or inadvertent access or destruction.

Assists with the design and implementation of the disaster recovery plan for operating systems, databases, networks, servers, and software applications.

Designs and implements security breach and incident response plans.

Assesses the need for any security reconfigurations (minor or significant) and executes them if required.

Keeps current with emerging security trends and issues.

Conducts research on emerging products, services, protocols, and standards in support of security enhancement and development efforts.

Interacts with vendors, outsourcers, and contractors to obtain protection services and products.

Recommends, schedules, and performs security improvements, upgrades, and/or purchases.

Deploys, manages, upgrades, documents, and maintains all security systems and their corresponding or associated software, including firewalls, intrusion detection systems, SIEM system, and anti-virus/anti-malware software.

Audits end-user accounts, permissions, and access rights on various systems, servers, and file shares and document results.

Manages connection security for local area networks, the company website, mobile devices, Wi-Fi, VPN, the company intranet, e-mail communications, and more.

Audits and ensures the security of databases and data transferred both internally and externally.

Designs, performs, and/or oversees penetration testing of all systems in order to identify system vulnerabilities.

Designs, implements, and reports on security systems and end-user activity audits.

Monitors server logs, firewall logs, intrusion detection logs, and network traffic for unusual or suspicious activity and logs results. Interprets activity and makes recommendations for resolution.

Recommends, schedules (where appropriate), and applies fixes, security patches, disaster recovery procedures, and any other measures required in the event of a security breach.

Downloads and tests new security software and/or technologies.

Trains, oversees, and/or provides guidance to junior members of the team.

This job description excludes marginal functions that are incidental to performing the job. Other duties may exist.

EDUCATION AND EXPERIENCE:

Bachelor’s degree in Cybersecurity, Computer Science, Management Information Systems, or a closely related field. 7+ years of experience in an information security-related role or an equivalent combination.

CISSP or CASP Certification preferred.

Experience as a senior-level security engineer or architect preferred

ADDITIONAL REQUIREMENTS:

Broad hands-on knowledge and experience of firewalls, intrusion detection systems, anti-virus/anti-malware software, data encryption, SIEM, and other industry-standard techniques and practices.

In-depth technical knowledge of network, PC, and platform operating systems, including Windows operating systems, Unix, SQL server, Active Directory, and network configuration.

Strong knowledge of TCP/IP and network administration/protocols.

Knowledge of applicable practices and laws relating to data privacy and protection.

Knowledge of law enforcement practices and procedures.

Intuition and keen instincts to pre-empt attacks.

High level of analytical and problem-solving abilities.

Must be able to conduct research into security issues and products as required.

Strong understanding of the organization’s goals and objectives.

Strong interpersonal and oral communication skills.

Highly self-motivated and directed.

Strong organizational skills.

Excellent attention to detail.

Must be able to effectively prioritize and execute tasks in a high-pressure environment.

Able to work in a team-oriented, collaborative environment.

Must be able to maintain good work attendance.

Safety Accountability Statement:

- Employees must consider safety in all tasks performed, as well as demonstrate safe judgment and decisions that not only maintain their own safety; but that of fellow employees and customers.

- Demonstrate a professional commitment to assure compliance with all organizational policies, practices, and programs; related to safety, health, and system security.

- Employees have a responsibility to identify and report hazards, as well as potentially unsafe conditions, to their immediate supervisor or Safety Department.

- Employees are responsible, and required, to stop a job/task to prevent an unsafe incident or act from occurring. This acknowledges the threat of potential injury, and property damage, and the opportunity for better judgment to be used.

Must comply with and support VIA’s EEO policies and the Diversity Program.

PHYSICAL REQUIREMENTS:

Dexterity of hands and fingers to operate a computer keyboard, and mouse, and to handle other computer components.

Occasionally lifts and transports objects, such as servers and peripherals.

WORK ENVIRONMENT:

Work involves deadlines and multiple priorities.

Periodic on-call availability.

Sitting for extended periods of time.

Works within the normal office environment.