The Enterprise Security Engineer is a key member of the EA Security organization, which provides information security and risk management support for EA’s business worldwide.
This position works closely with the various EA business units, technology departments, and internal EA Security teams to engineer and deploy security solutions.
The successful candidate will have extensive knowledge of technology offerings, including emerging technologies, and have hands on experience in implementing and using technology and security platforms/solutions. This individual must be detail and process oriented, and must demonstrate problem-solving abilities.
The successful candidate will work alongside colleagues spanning the globe. This position requires occasional national and international travel.
- Lead the implementation of security technologies, including requirements definition, solution design, product evaluation, planning, implementation, operational transition, and support.
- Work with cross-functional teams to engineer technical solutions and processes to address key security risks.
- Drive the deployment/implementation of security solutions/controls in the enterprise with cross-functional teams.
- Shape business needs into solutions that enable the business in a secure manner.
- Produce written technical documentations, and deliver presentations on security solutions.
- Provide technical input in the creation of global security documents (policies, standards, baselines, guidelines and procedures), as well as the design and implementation of associated processes.
- Identify security issues and provide recommendations for addressing the issues.
- Maintain up-to-date detailed knowledge of the IT security industry, including awareness of new or revised security solutions, improved security processes, and the development of new attacks and threat vectors.
- Remain informed on trends and issues in the security industry, including current and emerging technologies and regulatory and compliance issues. Information management teams on their relative importance.
- Participate in the incident response process as necessary, including investigating suspicious behaviour.
- Provide governance and due-diligence within the IT helpdesk ticketing system to approve security related changes within the EA environment.
- Foster a sense of community with other team members through open communication, collaboration, and knowledge sharing.
Skills, Knowledge, and Abilities:
- A successful track record and at least eight years of experience in technology and information security.
- At least three years of experience being responsible for reviewing, recommending, implementing, and supporting security solutions.
- Demonstrated knowledge of recognized security industry standards and leading practices (e.g., PCI, OWASP, NIST, CIS, etc.)
- Strong knowledge of network technologies and platforms (e.g., TCP/IP, routing protocols, subnet, VLAN, QoS, MPLS, access control list, firewall, router, switch, VPN, load balancer, network traffic analysis, IDS/IPS, proxy, etc.).
- Strong knowledge of server and workstation technologies and platforms (e.g., Windows, Unix, Linux, Macs, etc.).
- Strong knowledge of directory, identity, authentication, and access management technologies (e.g., AD, LDAP, SSO, AD FS, multi-factor authentication, TACACS+, Radius, etc.).
- Working knowledge of middleware technologies and platforms (e.g., databases, web server, application servers, etc.).
- Working knowledge of virtualization and cloud technologies, platforms, and services.
- Broad knowledge of security technologies, solutions, and tools (e.g., encryption technologies, SIEM, DLP, AV, port scanners, vulnerability scanners, etc.).
- Experience with programming or scripting languages (e.g., Shell, Perl, Python, etc.).
- Broad knowledge of operational and security processes/controls (e.g., vulnerability management, patch management, configuration management, access management, etc.).
- Solid understanding of assessing and designing security controls in an enterprise-level environment.
- General understanding of how to conduct risk assessments and the associated methodologies involved in risk mitigation and the presentation of this work.
- Must be able to understand business needs that are only defined on a conceptual level.
- Exceptionally self-motivated, directed, detail-oriented with strong sense of ownership.
- Ability to work in a cross-functional team and effectively coordinate with internal stakeholders to accomplish business goals.
- Excellent written and verbal communications skills.
- Perform multiple critical assignments under stringent deadlines in a fast-paced, highly complex, and dynamic environment; able to adapt to changing project requirements.
- Bachelor’s degree in Computer Science or related fields.