Must be local to the Dallas Fort Worth area only please. Also, no third parties please. This is a contract to hire situation. 2 to 6 months before going perm.
The Security Engineer works with infrastructure, security architecture, and business teams to design security into each phase of the system lifecycle including; risk assessments, requirements analysis, system design, configuration, deployment, maintenance, and monitoring
RESPONSIBILITIES:
* Create system-level security architecture and design which includes definition of technical security controls (eg, access control, authentication, encryption, deterrence measure, etc) and definition of non-technical security controls (eg, process and procedure) necessary to achieve the security requirements.* Execute a cost/benefit analysis for various security design elements. This will enable the business owner to evaluate various cost/benefit trade-offs. * Assess and document how to mitigate key application vulnerabilities.* Design and configure application level security and Middleware level security ie authentication, encryption, auditing/logging, PKI, etc. * Define detailed technical security design, which will articulate specific integration with security technologies such as DMZ, firewalls, proxy, and intrusion detection system. * Design detailed security processes and procedures. This includes specific technical security standards and configuration procedures for appropriately hardening the system (servers and applications). This also includes documentation for a user administration process and required monitoring.* Test detailed security configuration to ensure it complies with technical standards and meets system performance and production load requirements.
JOB REQUIREMENTS
* Requires 5-7 years of relevant experience in a multi-platform and networked environment. * 4-year degree in MIS, business, or engineering is preferred. * CISSP certifications is required. * Mus be a quick learner and be able to analyze the security components of complex multi-layered computer systems (applications layer, Middleware layer, and infrastructure layer). * Must have an understanding of technical and process security controls and their appropriate incorporation into business systems. * Strong impact and influence skills are required.* Able to focus on teamwork and the ability to escalate unresolved issues to management in both technical and non-technical terms required.
Knowledge and Experience:
* Windows 2008 and Windows 2003 server platforms* Common Internet protocols and their vulnerabilities: HTTP; HTTPS; FTP, Telnet, SMTP, ICMP, SNMP * Security technologies: encryption, cryptography, public key infrastructure (PKI), Firewall services and features, proxy, virtual private networks (VPN), remote access connectivity solutions such as dial-up, ISDN, and RAS, and intrusion detection systems.* Email systems: Lotus Notes, Exchange, and Simple Mail Transfer Protocal (SMTP)* Techniques and tools used to secure/harden a server*s operating system and applications running on the server* Information risk management analysis process: information asset identification, threat and vulnerability analysis, technical and process control evaluation* Advanced ability to troubleshoot and solve complex problems relating to multi-layered computer systems* Advanced oral and written presentation skills* Advanced skill in the development of security standards and operational processes as well as the ability to effectively document the information as an Enterprise standard