Senior IT Security Engineer
Senior Security Engineer
CEB (NYSE: CEB) is a best practice insight and technology company. In partnership with leading organizations around the globe, we develop innovative solutions to drive corporate performance. CEB equips leaders at more than 10,000 companies with the intelligence to effectively manage talent, customers, and operations. CEB is a trusted partner to 90% of the Fortune 500, nearly 75% of the Dow Jones Asian Titans, and more than 85% of the FTSE 100.
The Senior Security Engineer has responsibility for the support, engineering, project leadership, consultation and operational research/resolution for Corporate Executive Board's enterprise security profile. This role is responsible for implementation, maintenance, and operation of information security controls. The Senior Security Engineer will maintain and/or enhance the integrity of the corporate technology landscape through direct and collaborative efforts in research, design, configuration, maintenance, and support of the hardware, systems and interfaces that comprise CEB's information technology operating environment. The Senior Security Engineer will also lead in architectural design, procurement, and evaluations of additional resources to the infrastructure.
More specifically, this position will provide senior technical oversight for the technologies and security policies associated with (but not limited to) Data, Processes and Systems including Servers, Network Devices, Storage Area Networks, VPN, Firewalls, etc. and will create and enforce policies and procedures associated with the effective and efficient administration of such component systems. Finally, this position will review system and firewall logs, as well as announcements of new security vulnerabilities, in order to identify actionable information.
- Provide security guidance and driving infrastructure decisions in collaboration with other technical and management stakeholders, ensuring Security principles are being upheld and no violations of Security Policy is taking place.
- Possess an understanding of security monitoring products across IT platforms (Log Management analysis, Intrusion Detection analysis, Vulnerability Scanning analysis, and etc).
- Work closely with senior management, systems operations staff, software development staff, support staff, and end-users to ensure rapid resolution of Security issues (Network and Host based Firewall changes, IPSec policy changes).
- Work face-to-face with multiple stakeholders interviewing, planning, or participating in a team effort to bring multiple complex projects to fruition in a highly motivated, fast paced environment.
- Defining and/or refining SLAs / OLAs in order to meet technical, operational, security and business needs.
- Support others in analyzing and resolving difficult technical problems (act as 3rd/4th level support as appropriate).
- Act as Subject Matter Expert and escalation resource as appropriate (network, server and application troubleshooting).
- Maintain currency on Security Industry, Sarbanes Oxley, ISO and other standards as appropriate.
- Conduct in-depth technical reviews of new and existing IT systems in order to identify the appropriate mitigation strategies required to bring these systems into compliance with established policy and industry guidelines.
- Engage in ongoing research of emerging trends and new technologies which may benefit the corporation's goal of strategically implementing technology to enhance business performance, and specifically support the IT security function.
- Performs other duties as required.
- Role Qualifications
- Must have a Bachelor's degree in a relevant field with 5 years of experience.
- One or more of the following certification: GSEC, GCIA, GCIH, CCNA Security, CISA, CISM, CCSP, MCSA/MCSE 2008/2003 and/or CISSP.
- In-depth knowledge of security and privacy best practices.
- In-depth knowledge of NAC systems, such as Aruba ClearPass or Cisco ISE, 802.1x wired/wireless, TACACS.
- In-depth understanding of standard internet protocols (i.e., FTP, HTTP, DNS, DHCP, RADIUS, SNMP, and SMTP).
- Ability to perform risk assessments and build risk mitigation plans.
- Knowledge of IT security architecture and design (firewalls, Intrusion Detection Systems, Vulnerability Scanners, Virtual Private Networking, virus protection technologies, and Log Management).
- Knowledge of various vulnerability scanning tools (i.e., Qualys, Acunetix) and ability to lead remediation efforts with various application owner.
- Knowledge of LAN/WAN design and general internetworking technologies.
- Knowledge of Microsoft server products including Windows Server, Active Directory, IIS and SQL Server.
- Experience leading IT or Information Security projects.
- Experience with managing vendor relationships and leading consulting firms on projects.
- Working knowledge of systems infrastructure technologies.
- Strong analytical, project management and technical problem solving skills.
- Passion for teamwork, career growth, and knowledge sharing.
- Ability to adapt quickly to change and to influence matrix organization to conform and support Security Policies.
- Written and oral communication skills, teamwork and organizational skills.
- Strong ability to function independently or as a part of a large, integrated cross-functional team.
Meet Some of CEB's Employees
Business Development Associate
Andrew works with his team to find and reach out to new business prospects for CEB. He interfaces with Fortune 500 companies across the world—and gets them on board with CEB's solutions.
Back to top