The Information Security Engineer maintains Polaris Alpha’s information systems security environment and develops processes and procedures to improve security practices. This position is based in our Colorado Springs, CO office.
Responsible for ensuring the smooth operation of Polaris Alpha security systems and controls with a goal to maintain a strong information security program and enable comprehensive auditing and compliance verification. Provide hands-on support for a broad spectrum of technologies, including security software running on Windows and Linux systems, network devices, virtual machines, as well as the Polaris Alpha’s own products and services. Collaborate with internal and external stakeholders in implementing and supporting technical projects, and for operational support production platforms.
• Perform security research, analysis, and design for the Polaris Alpha’s computing systems and network infrastructure.
• Facilitate security vulnerability assessments and penetration tests. Work on security alerts, events, and security incidents, including forensics analysis.
• Contribute general consulting (risk analysis) and project support in the area of information security to IT infrastructure and projects as needed to support new business requirements.
• Participate in internal security audits and investigations. Manage and maintain a library of security audit tools and corresponding processes. Monitor trends in information technology and security.
• Research emerging technologies and maintain awareness of current security risks in support of security enhancement and development efforts.
• Monitor security systems for anomalies and respond to potential security events.
• Oversee Database security, including patch management and configuration compliance.
• Perform periodic policy compliance reviews, risk assessments, and control testing.
• Assist in the investigation of security incidents as required, and recommend corrective actions and process improvements.
• Participate inon-call system administration support including but not limited to weekends, holidays and after-business hours asrequiredto service the needs of the business.
• Bachelor's degree in Computer Science, Information Systems, a related field, or equivalent work experience, is required. Industry certification is a plus: GIAC Security Essentials, Certified Ethical Hacker, GIAC Certified Incident Handler, Certified Security Administrator (firewall), CISSP, CISM, or CISA.
• Minimum of five years of hands-on experience in an equivalent Information Security role.
• Hands-on experience installing and administering a variety of security systems including firewalls, IDS/IPS, SIEM, manage antivirus/antimalware, patch management, NAC, DLP, and Group Policy.
• Strong knowledge in the following areas: IAM, system virtualization, Windows and Linux Security, Cloud Security, Network and Network Security, Application Whitelisting, Vulnerability Management, or endpoint security controls.
• Knowledge of compliance and regulatory program requirements, such as HIPAA, ISO 27000, NIST, FISMA, and SOC standards.
• Experience using security tools such as log analyzers, network tracers, and vulnerability scanners.
• Knowledge of the following security solutions is a plus: AMP, OpenDNS, Nessus, RSA, Splunk, Symantec DLP, and Microsoft PKI.
• Demonstrated project management skills and ability to track and report progress against established milestones, metrics and deliverables.
• Strong analytical and problem-solving skills.
• Excellent written and verbal communication skills, demonstrating the ability to write with purpose, clarity, and accuracy to both technical and non-technical audiences.
Req # 2187