Information Security Engineer

Provides advanced technical level information security support to ensure the firm's overall information assets are adequately protected. This position is responsible for the technical engineering aspect of all information security hardware and software, with the skills to interpret data, configure and tune equipment and applications from both security and non-security class sources. This position requires capabilities in equipment and software configuration, installation, system interoperability and deployment.

Communicates courteously and professionally by phone, email and in person, using good

communication skills, keeping supervisor abreast of current issues and potential problems as they

develop; while seeking advice as needed.

Responsible for information equipment hardware, appliances and software including SaaS and Cloud environment solutions. Conducting, coordinating, testing, implementing, deploying, and operational maintenance of all information security systems, applications, appliances and related devices throughout the firm.

Configures multiple products, both hardware and software, to interact with each other; devises

solutions to a changing threat landscape as it evolves.

Responsible for assessing, recommending, developing, implementing and maintaining the firm's

information security infrastructure and information security standards.

Provides technical engineering expertise in the selection, testing, implementation and deployment of information security systems. This includes the evaluation of new security products, and their

interoperability with existing firm equipment, applications and environments.

Provides technical support and direction in information security monitoring, assessment, configuration, maintenance, auditing and testing.

Performs security event and intrusion analysis daily and mitigates any incidents that are

medium to critical in nature with assistance of the Information Security team. This may include troubleshooting non-security related equipment at the various layer levels to include network and software.

Assists in remediation and if necessary penetration testing, including wired and wireless, social-engineering, and application security vulnerability assessments as required by management.

Provides input to technical reviews of proposed security projects and the certification and accreditation process.

Independently and, as a team member, plans, executes and documents information security tests and evaluation.

Performs engineering and analysis of in-place technical and non-technical security controls protecting information and information systems. Assist with technical skills in network security design and implementation, including non-security related equipment interfacing as needed.

Understands the OSI model and how to apply the OSI model to daily troubleshooting and network security projects.

Understands the MITRE attack model and how to apply the MITRE model to daily troubleshooting and Information security projects.

Works with information security aspects of IT projects, ensuring security protocols are in place and in compliance with other applicable information security policies.

Assists with project plans for other IT teams to determine security requirements and follows up to ensure security of new systems.

Aids team members on specialties in information security and any security related projects.

Assist with security risk assessments and penetration studies of systems for information security.

Recommends solutions for security vulnerabilities and takes corrective measures and/or applies security patches when appropriate. Tracks vulnerabilities and remediation or mitigation.

Installs, tests, configures, monitors, maintains and upgrades malicious code detection applications/tools to ensure Malware is blocked or eradicated when detected. Configuration and tuning of information security equipment as needed to adjust to changing threat landscapes.

Analyzes problematic security log entries from security infrastructure systems, provides technical solutions to issues and security breaches.

Is on call to respond to security incidents from Shook users, representatives or clients as needed, or disaster recovery and business continuity operations.

Maintains knowledge of the firm's Information System Security posture, goals and objectives.

Follows appropriate safety procedures while carrying out all duties.

Requirements: Associate's degree (A.A.) from college or university in Information or Cyber Security; or two years information security and one year advanced information security experience and/or training with an emphasis on engineering functions; or four years of combined information systems and information security experience; and/or equivalent combination of education and experience. Professional certifications such as Security + certification or equivalent strongly preferred Must have knowledge with PC and LAN servers, IT systems, and other Information Security related technologies. Has technical skills in network servers, workstations, and applications. OTHER SKILLS Required Skillsets * Windows 2008+ Server Operating System Support * Azure Cloud Security Architecture * Certificate Authority and Key Management * General Understanding of Linux/Unix * Intrusion Protection Systems / WAF * Ability to operate Security Information and Event Management solution Additional Preferred Skillsets * Knowledge of Password Access Security systems along with Endpoint Privilege Management solutions * Network Packet Capture and Analysis * Content Filtering via Web Gateway * Malicious Site Analysis * Apple (Mac) Security Enforcement * Vulnerability and Penetration Testing * Virus Protection, Endpoint Encryption * Data Classification