Information Security Engineer at Ortho-Clinical Diagnostics in Rochester, NY

As our company continues to grow, we are seeking an Information Security Engineer for our technical Information Security team located in Rochester, NY. Reporting into the Senior Manager of Information Security, this resource will have global responsibility for two critical Information Security areas: 1. Develop, design, implement and execute a security architecture assessments and consulting on remediation recommendations. 2. Analyze and respond to a wide range of security requests covering all locations and the ability to communicate with all levels within the company. The position will assist the Senior Manager to assess, design, implement and provide ongoing relevant information security services as well as communicating risks, exposures, or threats to relevant stakeholders. The Information Security Engineer also serves as a strong consultant to the enterprise business units, application and technical teams.

The Responsibilities

• Document, audit, and evaluate risks to multiple manufacturing environments.
• Establish technical standards and process that ensure industry best practices for Information Security are applied to manufacturing systems and IT.
• Engage with projects and one-off requests for security engineering and solution architecting
• Monitor, evaluate and provide threat and vulnerability analysis as well as security advisory services.
• Ensures all information security deployments are properly implemented and supported.
• Investigate, document, and report on information security issues and emerging trends. Remain current, identify new functionality to meet business needs and foster knowledge sharing.
• Integrate and share information with other analysts and teams
• Assist with policy, standards, process and procedural updates as part of comprehensive remediation solutions
• Validate remediation by reviewing application updates or deployed mitigations to verify resolution.
• Provide security consulting services, as needed, to various projects to ensure all information security needs are met
• Work with minimal supervision and be responsible for independently making a broad range of critical decisions. Apply sound judgment, escalating issues and decisions to the appropriate executive when necessary.

The Individual

• Bachelor’s Degree required, with a preference in Computer Science, Business, or related discipline
• Professional certification such as Certified Information Systems Security Professional (CISSP) or other industry recognized information security credential is preferred.
• Membership in regional and national security organizations such as ISSA, ISC2, ISACA, ACFE, ECTF, Infragard, etc. desired
• Minimum of five years’ experience required with emphasis on security assessments, architecture and engineering.
• Must have demonstrated hands-on experience with Information Security tools
• Must have strong technical knowledge in information security in combination of the following areas: Networking technology, SCADA and manufacturing systems, Operating system administration for Windows and Linux servers, Windows 10, Office 365/Azure, Microsoft Defender ATP, Trend Micro Deep Security, AWS Security, Web operations, Apache, WebSphere, network and Internet security, Cloud and virtual hosting environments., Application and database security, SAP BASIS.
• Must have the ability to analyze, document and assess complex manufacturing environments
• Effective project management skills and the ability to work on multiple concurrent projects is required.
• Working knowledge of IP subnets, communication protocols including the ability to perform network traffic analysis with Wireshark, is required.
• Must have knowledge of network technology and information security monitoring practices. Must have demonstrated ability to apply technology solutions to business problems.
• Demonstrated familiarity with administration and use of networking devices including Cisco routers and switches, Palo Alto firewalls, load balancers and VPN concentrators is preferred.
• Possesses and displays excellent verbal and written communication skills with ability to convey information to internal and external customers in a clear, focused, and concise manner. Ability to work with all levels of the organization, both technical and non-technical
• High level of personal integrity, ability to professionally handle confidential matters, and reflect appropriate level of judgment and maturity is required.
• High degree of initiative, dependability and ability to work with little supervision is required.
• Must have proven ability to recognize opportunities for change and act as a catalyst for change management.