Information Security Engineer
Job Title Information Security Engineer Organizational Unit CNA Corporation -> Corporate -> Chief Information Office Location Corporate: - Arlington, VA 22201 US (Primary) Division Summary Job Description The Information Security Engineer provides hands-on technical solutions to complex and detailed information security problems. This position provides technical leadership, design, installation, operation, service, and maintenance of a variety of information security systems. This individual ensures the proper deployment and management of solutions that support information security including virus detection, malware detection, intrusion detection and prevention systems, firewalls, and other security solutions.1. Serve as the principle IT engineer for design and implementation of cyber security tools that protect and monitor CNAA cents € (TM) s various IT infrastructures. Deploy and manage solutions that support the full information security environment including tools such as virus detection, malware detection, intrusion detection and prevention systems, and other network and information security tools.2. Actively coordinate with the Corporate Security Team and Technology Center staff to provide required IT security and monitoring capabilities.3. Manage the design, development, and deployment of IT solutions providing security engineering expertise and guidance. Define and coordinate security requirements within the various stages of the project development process.4. Lead and support technical design, engineering, and implementation of emerging security technology. Evaluate, recommend, and integrate new security technology and tools by conducting feasibility studies, proof of concepts, pilot projects, and other research and development initiatives.5. Research and evaluate current and emerging security technologies to support organizational cyber security objectives. Maintain advanced understanding of the strengths and weaknesses of various security tools. Evaluate vendor solutions against business requirements and provide recommendations to management.6. Provide subject matter expertise and guidance in the development of cyber security policy and practices. Apply knowledge of latest cyber security industry trends, technology tools and practices, and security threats to define cyber security processes and standards.7. Conduct self-assessments of security processes, security tools, networks, and systems. Identify weak controls and communicate vulnerabilities to Corporate Security and management.8. Participate with Corporate Security in incident response and forensic analysis.9. Provide training sessions and guidance to Infrastructure Team members and other Technology Center staff to ensure understanding of evolving information security environment. Provide accurate and thorough documentation of processes and procedures to ensure compliance and enable coverage during outages.10. Perform other duties as assigned. Job Requirements 1. Education: Bachelor's degree in Computer Science, Management Information Systems, Engineering, Computer Security, Information Assurance or related field is required. Advanced degree and additional DoD Information Security certification (GSLC, CISM, GSNA, is a plus.)2. Experience: Minimum of 10 years strong experience in Information Technology Security and related technology. Government or government contracting industry experience is a plus.3. Skills: Experience within multiple of the following areas required: computer networking, PKI, security engineering and architecture, programming, vulnerability assessments, or operating systems. Administration expertise with correlation and analysis of security and event log data, IDS/IPS, vulnerability scanners, endpoint protection, SSL Decryption, Data LossPrevention, penetration testing and protocol collection and analysis tools. Security focused Administration of Windows and Unix systems, network devices, proxy servers web server, virtualization, firewall, and DNS. Experience with programming and scripting languages and text manipulation tools. Strong troubleshooting skills in complex communication and network environments. Working knowledge of government security standards (eg, Risk Management Framework, NIST 800-171, DISA STIGs, DSS ODAA Process Manual, etc.)4. Other: Ability to lift 30 lbs. (eg, computer equipment), walk (to end user stations) and bend (to install and connect equipment). Must have the ability to obtain and maintain an active Secret security clearance and Security+ CE certification. Active Secret clearance preferred. Job Family Information Technology Requisition # NCER0651 CNA is an Equal Opportunity/Affirmative Action Employer, committed to diversity in the workplace. To be considered for hire, all individuals applying for positions with CNA must be US citizens and are subject to a background investigation. For positions requiring access to classified information, individuals will also be subject to an additional government background investigation, and continued employment eligibility is contingent upon the ability to obtain and maintain an active security clearance.