Job Title: CISSP Information Security Engineer (61815-RAJRAJ-IO44-E-ARI)
Location: Empire State, NY
Duration: 6+ months
Emp.Type: W2/1099
Interview Process: Telephone Interview and On-site In-person Interview
Detail Job Description:
Position Summary:
The Senior Information Security Engineer, reporting to the Senior Director, Information Security, is responsible for supporting the execution of the Information Security program at Sirius XM. In particular, this role will focus on driving the design, implementation, and maintenance of security technology and program functions for the connected vehicle and infotainment products and service offerings of Sirius XM.
This position is a hands-on information security position responsible for working with members of the business and IT departments to identify, prioritize, and reduce information security risks in a cost-effective way. In addition to assuring the proper level of focus and controls exist in the right areas, the position will also provide support for vulnerability scanning/detection, penetration testing, security monitoring, and incident response activities.
The position investigates security incidents reported to the Information Security and Compliance Department.
Duties and Responsibilities:
Serves as information security subject matter expert for SXM Radio, connected vehicle services, streaming and infrastructure systems and network security.
Responsible for supporting the information security program and performance of relevant information security engineering and testing activities for the radio, connected vehicle services, streaming and infrastructure services of Sirius XM
Collaborates with business owners, product/systems engineers, and operational personnel to understand business priorities and goals, company culture, and processes to identify information security risks; works with teams to recommend and help implement solutions and/or mitigating controls
Provides technical design, documented guidelines and implementation support of security controls for servers, workstations, network devices, multi-function devices, mobile computing platforms, and applications
Performs security assessments and technical testing of information systems infrastructure and applications, including internal, external, and partner facing systems
Identifies singular and compound vulnerabilities across operating systems, databases, network infrastructure, and applications
Performs reconnaissance activities to identify potential security weaknesses or information that could be leveraged against, and do further harm to, Sirius XM information assets
Appropriately classifies findings in terms of severity and in light of exploitability, actively circulating threats, and mitigating controls
Maintains risk based test/evaluation schedule and coordinates production and potentially invasive testing through the Sirius XM change control board
Actively tracks vulnerability findings and status of remediation, driving toward resolution
Validates the continued and proper placement, operation, and tuning of security instrumentation, including vulnerability scanners, intrusion detection sensors, DLP, security log monitoring/correlation tools, file integrity monitoring solutions, and other security relevant controls by monitoring the IT security operations groups and their activities
Expedites neutralization of threats that pose immediate danger to the confidentiality, integrity, and availability of information assets
Evolves and adapts incident response and handling procedures commensurate with changing threat landscape and business needs
Provides routine status and metrics for information security to the Senior Director of Information Security
May perform daily and alert based monitoring of information security events and initiate response procedures in accordance with established processes.
May perform routine and ad-hoc information security vulnerability scanning and testing to identify risks to information assets; escalate and expedite resolution/mitigation of vulnerabilities deemed high/critical severity.
Helps raise awareness of information security in the company and provide holistic guidance on information security.
Supports PCI/PII and other regulatory related activities and remediation
Supervisory Responsibilities:
There are no supervisory responsibilities associated with this job
Minimum Qualifications:
10+ years hands-on information technology security experience
A Bachelor's degree from an accredited institution or an equivalent combination of education and work experience.
Must have current Certified Information Systems Security Professional (CISSP) certification; additional certifications such as GIAC, CEH, LPT, PCI-ISA, etc. are preferred.
Experience with PCI, ISO, and threat analysis and detection capabilities.
Significant experience in working within an incident response program, including management of third-party service providers preferred.
Experience with vulnerability and penetration testing and the underlying security toolbox desired.
Familiarity with the changing threat landscape, updated by continual review of mainline and trade reportage, required.
Requirements and General Skills:
Self-motivated to constantly hone information security knowledge and skills
Good public speaking and presentation skills
Interpersonal skills and ability to interact and work with staff at all levels
Excellent written and verbal communication skills
Ability to work independently and in a team environment
Ability to project a professional image over the phone and in person
Commitment to internal client and customer service principles
Strong organizational skills and attention to details
Excellent time management skills, with the ability to prioritize and multi-task, and work under shifting deadlines in a fast paced environment.
Must have legal right to work in the U.S.
Sirius XM is a 24/7 operational entity and, from time to time, the Senior Information Security Engineer is expected to serve as an on-call resource and to participate in security activities outside of normal business hours.
This position may require 50-75% travel
Technical Skills:
Relevant work experience designing and implementing security controls and securing systems, applications, and infrastructure (5+ years)
Vulnerability and penetration testing tools and techniques (2+ years)
Malware protection and response (2+ years)
IDS/IPS and security event/log monitoring and correlation (2+ years)
Security program implementation (1+ years)
Working knowledge of ISO standards, PCI, OWASP Top 10
Experience with internet facing services and 24x7 environment
Experience with telematics services is preferred
Equal Opportunity/Affirmative Action Employer - Minorities/Females/Protected Veterans/Disabled
The requirements and duties described above may be modified or waived by the Company in its sole discretion without notice