Young Presidents Organization
Information Security Engineer
Young Presidents Organization, Irving, Texas, United States, 75084
POSITION PURPOSE
This role minimizes security risks within the organization's infrastructure to prevent unauthorized access to YPO's software, hardware, networks and data. Fosters awareness to protect against cyber security attacks and data compromise.
PRIMARY RESPONSIBILITIES
Resolve all security-related incidents and requests in the ticketing system.
Coordinate with IT management and YPO's security partners to develop an IT security roadmap and implement a cyber security plan that protects the organization.
Participate in selection, deployment and administration of security infrastructure tools that improve security posture, such as vulnerability management, email & endpoint security, security monitoring, incident response, log mining and IPS/IDS.
Keep abreast of industry security trends and developments as well as applicable compliance regulations.
Deploy security best practices and create the SOPs that support them.
Promptly investigate all identified and reported vulnerabilities, alerts and incidents.
Perform mitigation efforts and provide post-event incident reports.
Respond to member inquiries regarding YPO systems security.
Establish and maintain the organization's incident response and disaster recovery plans.
Perform routine security assessments, pen tests, vulnerability scans and security audits.
Evaluate new security technologies and recommend those that provide value.
Routinely document and validate the purpose of all privileged accounts.
Review the technical architecture of new projects for compliance with security standards.
Create, maintain, review and recommend updates to security policies, best practices, procedures, and the security awareness program.
Conduct simulated events to evaluate and improve our awareness and response plan.
Evaluate cyber security threats, vulnerabilities, and processes to determine relative risk to the organization's systems and data.
Work closely with governance, risk and compliance teams.
Produce reporting metrics to measure the effectiveness of security controls.
Provide guidance to software development teams to address vulnerabilities and incorporate industry best practices.
Perform audit analysis of accounts and process management, including permission lists, organizational changes, separated employees, inactive accounts, etc.
Develop measures to prevent unauthorized software from being installed and executed on systems.
Review and archive system audit logs and all other pertinent log files that will support incident discovery and response activities.
Verify the security of third-party vendors and collaborate with them to meet security requirements.
Ensure that change control procedures are strictly followed for all changes to all production systems.
Analyze security incidents and escalate as needed 24x7.
Work with security vendors to identify risk and vulnerabilities.
Manage the organization's SSL certs and domain registrations.
SKILLS
Strong technical background in systems, data and network security best practices.
Communicate information security goals effectively with other departments.
Ability to work collaboratively in a multi-cultural organization with international members, helping them achieve excellence in voluntary roles for YPO initiatives.
Able to maintain discretion and integrity of confidential information.
Strategic planning to build roadmaps to harden systems and close vulnerabilities.
Social engineering, forensics and IAM solutions.
Knowledge of industry threat trends, security tools and best practices.
Ability to validate security controls on multiple operating systems and applications.
Ability to function within a Cyber Incident Response Team (CIRT) and perform reverse malware analysis and exploit research.
Experience working within or partnering with an MSSP.
Resourceful and able to work independently with initiative and common sense.
Effective time management, organization and prioritization skills with the ability to focus on varied projects simultaneously.
Hands-on experience with firewalls, MFA, VPN, DLP, IDS/IPS, IAM, log management, content filtering, malware prevention/removal, honey pots, endpoint security, SIEM.
Ability to work within an environment of frequently changing priorities.
Extensive working knowledge of cloud infrastructure, virtual platforms, encryption technologies, endpoint protection, network systems such as routers, firewalls, load balancers, mail transport systems and cyber security.
Analytical thinker with the ability to influence and guide processes with appropriate approach and execution.
Natural curiosity and desire to learn more; proficiency and interest in applying new technologies and tools.
Excellent verbal and written communication skills.
Adjusts communication style appropriately to the audience.
Vulnerability scanning, security monitoring and SIEM tools.
EXPERIENCE/BACKGROUND
Advanced knowledge of information security aspects such as patch management, vulnerability scanning and remediation, penetration testing, security audits, IDS/IPS, DLP, email gateways, SSO, MDM, MFA, PKI, Access Control, policy enforcement, application security, incident response, IAM, DAM, encryption and web content filtering.
Experience with cloud platforms including IaaS, PaaS and SaaS.
5+ years hands-on experience in a full-time cyber security role.
EDUCATION/TRAINING/CERTIFICATION
Bachelor's Degree or equivalent work experience in Information Technology, Cyber Security, Computer Science or related field.
Two or more industry-recognized certifications in information security, with at least one obtained from ISACA, ISC2, GIAC, EC-Council, or CompTIA, are preferred.
PHYSICAL REQUIREMENTS
Ability to work flexible and/or extended hours as needed to accommodate members and team members in multiple time zones.
Willingness and ability to travel, domestically and internationally, without restrictions, approximately 5% per year.
EOE
YPO is an Equal Opportunity Employer. YPO takes pride in supporting a diverse workforce and demonstrates this through its policies and practices. YPO does not discriminate in recruiting, hiring, training, promotion, or other employment practices for reasons of race, color, religion, gender, national origin, age, sexual orientation, marital or veteran status, disability, or any other legally protected status.