In short, as a Senior Information Security Engineer, you will help plan and carry out DriveTime's information security strategy and safeguard our computer networks and systems. You will implement security measures which monitor and protect sensitive data and systems from infiltration and cyber-attacks.
In long, our Senior Information Security Engineer are responsible for:
- Monitor trends, news and changes to industry threat and compliance environments with respect to organizational risk
- Partner with business and technology to provide expert security guidance into design and implementation of security initiatives
- Consult with both technology and business teams to identify priorities and security requirements, and incorporate these requirements into our security strategy
- Analyze, recommend, maintain and enforce system security controls and compliance initiatives
- Monitor and assess change management processes and production releases to assure application security is prioritized and maintained
- Responds to information security incidents, including investigation of, countermeasures to, and recovery from computer-based attacks, unauthorized access, and policy breaches
- Monitor information systems for security incidents and vulnerabilities; develop monitoring and visibility measures; reports on incidents, vulnerabilities, and trends
- Architect, research, and design security initiatives
- Sourcing and implementing new security solutions to better protect the organization
- Promote a culture of information security
So What Kind of Folks Are We Looking for?
- Organization and time management skills in spades. You'll be handling multiple projects and deadlines that will require you to prioritize then re-prioritize… then… re-prioritize again.
- Excellent verbal and written communication skills - the ability to talk and write with confidence, charisma and competence for a wide variety of audiences.
- Killer analytical and reporting abilities. You'll need the capability to analyze financial data and in return, prepare timely reports on your findings.
- Detail-oriented. Okay we know it's on about every job description – but we really mean it!
- Strong knowledge of secure coding practices
- Auditing, penetration testing and forensics experience
- Solid understanding of cloud and infrastructure based security
- Minimum of 5 years' industry experience in security engineering
- Experience in patch management and vulnerability scanning
- Healthy problem solving and prioritization skills
- Demonstrated ability to drive incident management and breach response
- Strong technical knowledge and confidence in communicating with highly technical audiences
- Proven written and verbal communication skills and an ability to communicate across all areas and levels of the business
- Excellent analytical and problem solving skills
- Proven experience in identifying solutions for complex problems in enterprise environments
- Motivated self-starter with a proven track record of taking ownership of information security challenges and driving them to resolution
- Familiarity with security solutions, including file integrity monitoring and data loss prevention.