Director of IT Security Engineering
IT Security Engineering

Summary

PenFed is looking to hire a Director of IT Security Engineering in Chantilly, VA. The primary purpose of this job is to manage and lead a group of IT Security Engineers in the implementation and monitoring of the IT Security management environment and staff, to ensure an effective security posture for servers, workstations, network devices and applications.

Essential Functions

Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. This is not intended to be an all-inclusive list of job duties and the position will perform other duties as assigned.
- Develop, implement, and administer a comprehensive program to ensure security by proactively preventing security vulnerabilities through effective configuration, management, testing, and monitoring of all points of vulnerability.
- Identify foreseeable data security risks, implement security initiatives, and maintain heightened readiness to react to emerging threats.
- Coordinate the management of information security systems such as firewall and intrusion detection systems, in support of incident monitoring and response.
- Direct and conduct testing and auditing of information security measures to verify compliance with information security policies and standards.
- Lead a team in the administration of network and computing security devices/systems that enforce security policies and audit controls in Windows, Mac, and Unix based environments, as well as institute SIEM, IDS/IPS, HIDS, malware analysis and protection, content filtering technologies, logical access controls, identity and access management, data loss prevention, application firewalls, vulnerability scanners, LDAP, forensics software, and security incident response.
- Research, test, develop, deploy, and support hardware and software related to network application security. Coordinate security patch deployment and tracking overall activity related to security implementations across systems and support groups.
- Develop, administer, and ensure IT information security policies, standards, and procedures for PenFed and subsidiaries.
- Contribute to the establishment and enforcement of the security standards for all assets connecting to the corporate network.
- Promote staff professional development, communicate with customers and colleagues, provide leadership in developing IT security strategy for the enterprise, as well as providing security program management and support.
- Create process flows, identify potential gaps and/or inconsistencies, and make sound recommendations for improvement or mitigation.
- Assist PenFed security and legal entities with confidential security incidents including response, analysis, forensics, and investigations and assist in the development of baseline system security standards.
- Provide management on-call and off-hours support as needed.
*This role is responsible for ensuring business continuity.*

Education and Experience

Equivalent combination of education and experience is considered.
- Bachelor’s Degree in Information Technology, Computer Science, Business or related field is preferred.
- Master’s Degree in Information Assurance or Cyber Security is a plus.
- Minimum of seven (7) years of experience in IT Management, with at least three (3) of those in a technical security management role, is required.
- Knowledge of security management practices and tools (ISO 27001) and risk management methodologies (ISO 27005, OCTAVE, and NIST RMF) is preferred.
There are no additional certifications required.