Information Assurance: Security Engineer

MotionPoint Corporation is committed to achieving the optimal level of security and privacy protection for our and our customers’ data and information assets while providing a safe and secure computing environment in which to conduct our daily business. The Security Engineer is responsible for monitoring, preventing, and reacting to threats and is an integral part of the MotionPoint Information Security Management System (ISMS). This role works closely with the Chief Information Security Officer (CISO), Information Technology, Development and other MotionPoint business units to ensure security framework, regulatory, and compliance requirements are met and maintained (e.g., PCI DSS, HITRUST, HIPAA, etc.), and threats are responded to appropriately.

Primary Responsibilities

Defense in Depth:

• Assess and understand active environment threats through the application of security tools and other authoritative and industry recognized sources.
• Work with Technology teams to maintain threat analysis and defense.
• Drive change to ensure continuous improvement of MotionPoint’s security posture and framework.
• Implement and administer security tools.

Security Incident Response:

• Analyze available data sources to identify trends and make recommendations to enhance network, system and data security.
• Review and respond to security logs, alerts and reports for critical systems.
• Create and track security incident investigations to resolution and generate reports.
• ‘First responder’ to any security incidents as a part of the “Security Incident Response Team (“SIRT”) team.

Identity and Access Management

• Gather security related requirements for new applications being added to corporate authentication and account management services.
• Assists business units with design and implementation of user access roles at the application and technology infrastructure levels as necessary.
• Frequently exercise discretion and independent judgment whether system or access level changes meet regulatory and statutory compliance requirements.
• Provides general troubleshooting of access-related issues.
• Contributes to the Information Security team effectiveness by assisting in the strategic direction of the IAM program.
• Assists business units and HR to determine employee or third party/vendor level of access and status (manually or via automated workflows).
• Perform regular maintenance of application data, documentation, and record keeping data.
• Organizes and tracks IAM projects;
• Manages relationships with external vendors for IAM functions.
• Participates in the organization of after-hours maintenance efforts.
• Ensures the delivery of high-quality documentation as required by the scope of a project, including the ability to support knowledge sharing with other teams for ongoing support.

Auditing

• Assist auditors as needed to ensure compliance.
• Participates in periodic compliance audits (i.e., access review) in conjunction with risk and compliance management capability for ISO27001, HIPAA, PCI DSS, PII and BCP/DR related systems.
• Assist in recurring audit tasks on user access accounts, firewall rules, antivirus, etc.
• Participates in remediation activities related to access review, audit and/or assessment findings pertaining to inappropriate user access.
• Test for vulnerability to social engineering, phishing, etc.

Compliance

• Periodically review and recommend changes to security procedures to keep them up to date with regulatory and business changes
• Assist with oversight of the Information Security program, third-party risk assessments, etc.
• Implements and monitors changes to policy, process or practice.
• Identifies obstacles or inefficiencies and makes recommendations for improvement.
• Contributes to the creation and modification of processes and procedures.
• Investigate and document gaps in controls and processes and work with internal teams to resolve them.

Subject Matter Expert:

• Provide ongoing input to the MotionPoint Compliance Committee as to current state, roadmap changes and incident status.
• Assist team members with questions and provides guidance and mentoring.
• Participate on the enterprise risk management committee.
• Collaborate with team members and stakeholders to ensure the security integrity of our production operations remain effective and efficient.

Requirements

• Bachelors degree in Computer Science, Engineering, or other Technology related field;
• Five (5) years technology or information security related experience;
• One or more of the following certifications preferred, GSEC, GISF, Security+, CISSP, or the ability to gain within 6 months of employment.
• Broad understanding of the information security, including core concepts such as the protection of confidentiality, integrity, and accessibility (CIA).
• Strong knowledge of incident response processes;
• Hands on experience with security systems like Firewall, IDS/IPS, SIEM, EDR, Vulnerability Management System and other solutions;
• Experience managing security service providers to complete regular duties;
• Experience in PCI DSS and HIPPA technical standards highly desired; and
• Public cloud experience (e.g., AWS, GCP, Azure) with AWS highly desired.

Skills And Competencies

• Maintains strong problem solving and creative skills;
• Ability to articulate security risks and vulnerabilities.
• Self-motivated and able to work independently and make decisions concerning SecOps;
• Ability to set priorities and balance likelihood and business impact against cost of remediation and competing business interests;
• Strong knowledge of Single Sign-On and Authentication and Authorization Services such as SAML 2.0, SCIM, OpenID, and Kerberos;
• Strong knowledge in LDAP and Active Directory Services;
• Ability to analyze business processes to improve security assurance posture of the department;
• Possesses effective communication and presentation skills to articulate policies, procedures and plans to senior level management;
• Possess a competency in project management methodology;
• Ability to collaborate and work well in a fast paced, team environment
• Customer service attitude;
• Every team member exhibits our core values:
  • Do the Right Thing
  • Support Each Other
  • Balance Work & Life
  • Be A Curious Learner
  • Stay Hungry
  • Find a Better Way
  • Start With the Customer
  • Act as an Owner
    
    

Location: Coconut Creek, FL/Remote