Information Security Engineer

Company: HRL Laboratories
Location: Malibu
Posted on: August 5, 2022

Job Description:

This role will focus on the "behind the scenes" technologies that ensure our networks and systems are up to industry and HRL standards of information security. The Information Security Engineer is responsible for the security of HRL's computer systems and networks. The engineer implements security measures that effectively safeguard sensitive data in the event of a cyber-attack. The Information Security Engineer also provides training to employees on security best practices and advises leadership on improvements to safeguard the company's computer and network systems.Experience5 to 7 years of work experience in Information Technology combined with information security experience.Understanding of enterprise information security and technologies and how these technologies relate to prevention, detection, and response of threats.Expertise in vulnerability assessment, control allocation, and risk mitigation.Hands-on experience in network security (firewalls, VPN, proxys, web application firewall, CASB) is required.Hands-on experience in systems security, cloud security, endpoint security, identity and access management, vulnerability management, configuration management, media protection, contingency planning, log management, and data protection methods is required.Familiarity with web related technologies and of network/web related protocols.Expert technical knowledge of Networking (WAN, LAN, WLAN, etc.) and knowledge of system, database, and application security is desired.Familiarity with enterprise security controls and security best practices for Windows, Linux, and Mac systems.Familiarity with cloud security services, concepts, and best practices.Hands-on experience in implementing NIST 800-171 and ISO 27001 security control frameworks. Familiarity with CMMC desired.Thorough understanding of the security principles, techniques, and protocols, including defense-in-depth, network segmentation, privileged access management, common application security flaws, and commonly known ports.Hands-on experience with building, operating, or maintaining security tools such as SIEM, vulnerability assessment, privilege management, and endpoint security.Good verbal and written communication skills. Capability to clearly communicate information security concepts and risks to a non-technical audience.Solid organizational skills, including attention to detail.Ability to work effectively within a large team.Problem solving skills and ability to work under pressure.Experience building automation between tools and systems.Experience with cloud architectures is a plus.Experience performing analytics against aggregated log data and building configurations to parse and handle log data from systems and tools.Experience maturing security operations center processes and work-flows.Experience with systems design and development from business requirements analysis.Experience developing and implementing system security policies and requirements.Experience in incident response and threat hunting, and integrating threat intelligence solutions.Experience documenting system security requirements and authoring System Security Plans (SSPs).ResponsibilitiesPlan, develop, implement and update company's information security strategy.Monitor security tools (Splunk, Nessus, Crowdstrike XDR) for potential incidents and setup preventative measures.Research and identify security vulnerabilities. Conduct vulnerability scanning using Nessus.Remain informed on trends and issues in the security industry, including current and emerging technologies, techniques, and procedures.Monitor security systems for alerts, investigate alerts, and support policy/procedure and audit/assessment projects with review of technical informationGenerate reports from various tools to provide to management, as required.Evaluate/analyze and monitor systems, applications, and processes for security and compliance issues, and work with our security consultants to advise on how to develop secure solutions or remediate risks.Write technical requirements and document any security architectures.Engage in technical problem solving across multiple technologies.Complete data analysis to include forensics investigations and incident reviews.Develop, implement, and manage security technologies with a focus on security operations, incident response, forensics, vulnerability management, and insider threat.Educate and train staff on information system security best practices.Serve as the Subject Matter Expert (SME) for implemented security systems and solutions, maintaining documentation, and advising others on their underlying technologies and operation.Education & CertificationsBachelor's degree in information technology, information security, computer science and 3+ years of information security, networking and/or systems administration experience; OR 5+ years of information security experience without a degree.Master's degree in cybersecurity desired.In lieu of related degree, security related certifications highly desired (e.g., Security+, CISSP).Essential Physical/Mental RequirementsExcellent verbal and written communication skills are essential. Must be able to multitask in a dynamic environment; develop solutions to various complex problems and plan, schedule and prioritize tasks.Special Requirements (e.g. driver's license, special tools or restrictions)Responsibilities sometimes require working evenings and weekends, and in some cases with little to no advance notice. This position requires that the applicant selected be a U.S. citizen and be able to obtain and maintain a security clearance.This position must meet Export Control compliance requirements, therefore a "U.S. Person" as defined by 22 C.F.R. - 120.15 is required. "U.S. Person" includes U.S. Citizen, lawful permanent resident, refugee, or asylee.HRL offers a very competitive compensation and benefits package. Our benefits include medical, dental, vision, life insurance, 401K match, gym facilities, PTO, growth potential, and an exciting and challenging work environment.HRL Laboratories is an Equal Employment Opportunity employer and does not discriminate in recruiting, hiring, training or promoting, on the basis of race, ethnicity, color, creed, religion, sex, sexual orientation, gender, gender identity, genetic information, national origin, physical or mental disability, pregnancy, medical condition, age, U.S. military or protected veteran status, union membership, or political affiliation. We maintain a drug-free workplace and perform pre-employment substance abuse testing.For our privacy policy please visit: www.hrl.com/privacy

Keywords: HRL Laboratories, Malibu , Information Security Engineer, Engineering , Malibu, California