We are seeking a hands-on information security professional to join our Information Security group. The Sr. Information Security Analyst / Sr. Information Security Engineer will perform web app vulnerability assessments, perform manual and automated tests, and document their results including a risk assessment. In addition, install, configure, and conduct reviews as it relates to a wide variety of areas including, network security, SIEM, FIM, IDS/IPS, WAF, endpoint protection, and review other security logs for anomalous behavior and perform incident response. The engineer may participate in security control review, design, and threat modeling activities with Development, DevOPs, and IT personnel.
TouchNet, a Global Payments Company, is a pioneer in delivering innovative commerce solutions to Higher Education. Since 1989, colleges and universities have relied on TouchNet to unify and secure transactions everywhere money moves on campus. Today, TouchNet U.Commerce is the premier commerce management system for Higher Education. TouchNet solutions help institutions run campus business better by providing greater control over transactions, costs, compliance, and financial operations.
- Web app vulnerability assessment
- Network vulnerability assessment
- Administering and reviewing security systems such as WAF, SIEM, FIM, IDS/IPS, endpoint protection
- Security incident response
- Network and application security control review and design
- Auditing device configurations (e.g. servers, firewalls, VPN)
Qualifications / Requirements:
- Bachelor's degree required
- Typically 4 years of relevant experience in Security related field, Information Technology, IT/Security consulting
- Cloud security background is desirable
- Scripting knowledge such as Python and PowerShell is desirable
- One or more of the following: CISSP, CEH, CISA, CISM, eWPTX, OSWE, PCI-QSA, PA-QSA, CRISC, CGEIT or other security certifications
What Are Our Desired Skills and Capabilities?
- Skills / Knowledge - A seasoned, experienced professional with a full understanding of area of specialization; resolves a wide range of issues in creative ways. This job is the fully qualified, career-oriented, journey-level position.
- Job Complexity - Works on problems of diverse scope where analysis of data requires evaluation of identifiable factors. Demonstrates good judgment in selecting methods and techniques for obtaining solutions. Networks with senior internal and external personnel in own area of expertise.
- Supervision - Normally receives little instruction on day-to-day work, general instructions on new assignments.
- Network Engineering - Maintains an understanding of TCP/IP network connectivity, subnet segmentation, security zones, secure ports/protocols, network authentication/authorization, security tools and their applicability (WAF, IPS, Sandbox, etc.).
- Vulnerability testing, risk analyses and security assessments - Knowledge of vulnerability testing, risk analyses and security assessments
- Technical industry acumen - Knowledge of Industry regulatory audit requirements and solutions and Authentication, authorization, and encryption solutions