IT Security Engineer (Remote opportunity in Westfield's operating territory)

LOCATION: Remote work opportunityb within Westfield's operating territory.
SALARY RANGE: Minimum Salary 96,129.00 Midpoint Salary 110,548.00 Maximum Salary 124,968.00

BUILD YOUR FUTURE, WHILE PROTECTING THEIRS.

You will be challenged. Rewarded. And valued for your unique experience, background and perspective. 
Join a team where hard work pays off and original thinking is celebrated. As you build your future at Westfield, you will quickly learn that protecting our customer’s future is at the heart of what we do. We deliver on our promise to help restore lives and rebuild businesses when the unexpected happens. Building relationships has been a part of our culture since 1848. 

Be a part of a team that recognizes and appreciates those who take initiative, seek opportunity and strive for innovation in a changing world.

Information Security Engineer 2 Job Summary

The Information Security Engineer 2, working under minimal supervision, operates the information security systems and technical security controls across the company. This role researches, recommends and implements changes to enhance information systems security and monitoring capabilities. This role identifies and investigates anomalies and produces status reports and metrics reflecting the current state of security within the company. This role encompasses the following domains:

• Vulnerability Management
• Incident Response and Forensics
• Security Monitoring
• Services security: including email, web and internal networking, malware detection and remediation
• Firewall and Intrusion Prevention Support

Essential Functions (primary functions and/or reasons the job exists in order of importance)

• The Security Engineer operates the information security systems and technical security controls across the company including: research, recommendations and implementation.
• Responsible for the security event management process including monitoring, logging, alerting, auditing and reporting on threats, vulnerabilities and breaches. Determines the appropriate thresholds and monitors the environment for anomalous behavior using SEIMS, VMS and IPS/IDS.
• Responsible for activities involved with e-discovery data collection tasks, coordinating information security investigations, performing computer forensics and the organization and presentation of electronic forms of evidence.
• Coordinates exercises and tabletops to validate performance of information security incident response plans and process.
• Conducts training and awareness activities that promote the computer incident response process and plans focusing on what comprises an information security incident and what should be done if one occurs.
• Coordinates internal and external focused information security assessments to provide for an independent validation of the company’s state of security. Tracks and communicates these assessment findings.
• Identifies and produces metrics and scorecards that represent the current state of information security-related vulnerabilities and mitigating controls.
• dentifies and evaluates potential threats and vulnerabilities (either detected internally or publicly announced) that could impact the company’s applications or infrastructure and recommends mitigating controls to reduce the company’s risk.
• Creates, maintains, publishes and follows well documented standard operating processes and procedures (SOP’s) related to the gathering, preservation of custody and delivery of electronic records.
• Leads information security incident response teams when incidents occur that require evidence collection of computer forensics.
• Conducts reviews of security related device configurations (i.e. Firewall Rulesets, Router/Switch configurations, etc.) to identify unsecure or out of compliance configurations. Reviews security configurations and functionality of intranets, servers, applications, databases, and other relevant parts of the company’s infrastructure.
• Maintains and grows knowledge and understanding of information security, risk management and regulatory compliance topics. Maintains professional/technical currency of information security knowledge.
• Provides subject-matter expertise and support to project teams as needed.
• Mentors less-experienced team members.
• Participates in security compliance efforts (e.g., PCIDSS, SOX).
• Develops and delivers training materials and perform general security awareness and specific security technology training.
• Participates in tier 2 security operations support.
• Travels occasionally in order to participate in special assignments, training, and/or travel between office locations.

Desired Qualifications/Experience/Certification/Education (in order of importance)

• 5+ years of information security experience.
• Experience conducting comprehensive threat and risk assessments of IT systems, applications, and networks gained via previous work experiences.
• Experience with vulnerability management toolsets, hacking toolsets and security event management systems.
• Understanding of current information security techniques and technologies as well as the methods used in performing risk analyses and assessments.
• Knowledge of systems analysis and programming skills.
• Experience maintaining and updating documentation necessary for supporting security environments.
• Experience conducting security assessments and using hacking tools in a controlled corporate environment.
• Highly proficient computer and systems skills, with skills in scripting and basic programming.
• Ability to respond to emergency service calls at any time outside of normally assigned work hours.
• Familiarity with the following technologies: authentication, authorization, privilege management, access control, firewalls, virtual private networking, and computer network defense, firewall and router configuration, switches, secure network architecture, VPNs, PKI, TCP/IP,IPSEC, SSL, SSH, VPN, Ethernet, SMTP, FTP, WAN, Radius, Load Balancers, XML, HTML, SNORT, Sniffer technologies, Windows Operating Systems, Solaris, AIX, HP-UX, nCircle, Linux, Active Directory, LDAP.
• Working towards or already obtained the following Certified Information Systems Security Professional (CISSP).
• Excellent oral, written and interpersonal skills, resulting in the ability to interact with all levels of management and employee population.
• Bachelor’s Degree in Information Technology or commensurate experience.
• Valid driver’s license and a driving record that conforms to company standards.

Physical Requirements (specific to the role)

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job.

• * Ability to work effectively in an office environment for 40+ hours per week (including sitting, standing and working on a computer for extended periods of time).
• * Ability to communicate effectively in a collaborative work environment utilizing various technologies such as: telephone, computer, web, voice, teleconferencing, e-mail, etc.
• * Ability to respond to emergency service calls at any time outside of normally assigned work hours.
• * Ability to travel as required.

This job description describes the general nature and level of work performed in this role. It is not intended to be an exhaustive list of all duties, skills, responsibilities, knowledge, etc. These may be subject to change and additional functions may be assigned as needed by management.

Westfield offers a Total Rewards program that focuses on compensation, benefits and wellness, and includes perks like 401(k), pension plan, annual incentive, education reimbursement, flex-time, onsite fitness center and casual dress. Work-life balance, recognition, and learning and career development are all part of a rewarding career with Westfield.

To learn more about Westfield and the opportunities available, please visit us at westfieldinsurance.com.

#LI-PB1 #LI-Remote

We are an equal opportunity employer/minority/female/disability/protected veteran.