BUILD YOUR FUTURE, WHILE PROTECTING THEIRS.
You will be challenged. Rewarded. And valued for your unique experience, background and perspective.
Join a team where hard work pays off and original thinking is celebrated. As you build your future at Westfield, you will quickly learn that protecting our customer’s future is at the heart of what we do. We deliver on our promise to help restore lives and rebuild businesses when the unexpected happens. Building relationships has been a part of our culture since 1848.
Be a part of a team that recognizes and appreciates those who take initiative, seek opportunity and strive for innovation in a changing world. Information Security Engineer 1 Job Summary
Salary Range: $70,516.00-$81,094.00-$91,670.00
The Information Security Engineer 1, working under general supervision, operates the information security systems and technical security controls across the company. This role researches, recommends and implements changes to enhance information systems security and monitoring capabilities. This role identifies and investigates anomalies and produces status reports and metrics reflecting the current state of security within the company. This role encompasses a minimum of two of the following domains:
• Vulnerability Management
• Incident Response and Forensics
• Security Monitoring
• Services security: including email, web and internal networking, malware detection and remediation
• Firewall and Intrusion Prevention Support Essential Functions (primary functions and/or reasons the job exists in order of importance)
1. The Information Security Engineer operates the information security systems and technical security controls across the company including: research, recommendations and implementation.
2. Responsible for the security event management process including monitoring, logging, alerting, auditing and reporting on threats, vulnerabilities and breaches. Determines the appropriate thresholds and monitors the environment for anomalous behavior using SEIMS, VMS and IPS/IDS.
3. Responsible for activities involved with e-discovery data collection tasks, coordinating information security investigations, performing computer forensics and the organization and presentation of electronic forms of evidence.
4. Coordinates exercises and tabletops to validate performance of information security incident response plans and process.
5. Conducts training and awareness activities that promote the computer incident response process and plans focusing on what comprises an information security incident and what should be done if one occurs.
6. Coordinates internal and external focused information security assessments to provide for an independent validation of the company’s state of security. Tracks and communicates these assessment findings.
7. Identifies and produces metrics and scorecards that represent the current state of information security related vulnerabilities and mitigating controls.
8. Identifies and evaluates potential threats and vulnerabilities (either detected internally or publicly announced) that could impact the company’s applications or infrastructure and recommends mitigating controls to reduce the company’s risk.
9. Conducts reviews of security related device configurations (i.e. Firewall Rulesets, Router/Switch configurations, etc.) to identify insecure or out of compliance configurations. Reviews security configurations and functionality of intranets, servers, applications, databases, and other relevant parts of the company’s infrastructure.
10. Maintains and grows knowledge and understanding of information security, risk management and regulatory compliance topics. Maintains professional/technical currency of information security knowledge.
11. Provides subject-matter expertise and support to project teams as needed.
12. Participates in security compliance efforts (e.g., PCIDSS, SOX).
13. Develops and delivers training materials and perform general security awareness and specific security technology training.
14. Participates in tier 2 security operations support.
15. Travels occasionally in order to participate in special assignments, training, and/or travel between office locations. Desired Qualifications/Experience/Certification/Education (in order of importance)
1. 3 or more years of information security experience.
2. Experience with vulnerability management toolsets, hacking toolsets and security event management systems gained via previous work experiences.
3. Experience conducting threat and risk assessments of IT systems, applications, and networks gained via previous work experiences.
4. Understanding of current information security techniques and technologies as well as the methods used in performing risk analyses and assessments.
5. Demonstrated proficiency in computer and systems skills.
6. Ability to maintain and update documentation necessary for supporting security environments.
7. Ability to respond to emergency service calls at any time outside of normally assigned work hours.
8. Familiarity with the following technologies: authentication, authorization, privilege management, access control, firewalls, virtual private networking, computer network defense, firewall and router configuration, switches, secure network architecture, VPNs, PKI, TCP/IP,IPSEC, SSL, SSH, VPN, Ethernet, SMTP, FTP, WAN, Radius, F5, XML, HTML, SNORT, Sniffer technologies, Windows OS, Solaris, AIX, HP-UX, Linux, Active Directory, LDAP.
9. Systems Security Certified Practitioner (SSCP) certification.
10. Working towards or has obtained the following certification: Certified Information Systems Security Professional (CISSP).
11. Excellent oral, written and interpersonal skills, resulting in the ability to interact with all levels of management and employee population.
12. Bachelor’s Degree in Information Technology or commensurate experience.
13. Valid driver’s license and a driving record that conforms to company standards. Physical Requirements (specific to the role)
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job.
• Ability to work effectively in an office environment for 40+ hours per week (including sitting, standing and working on a computer for extended periods of time).
• Ability to communicate effectively in a collaborative work environment utilizing various technologies such as: telephone, computer, web, voice, teleconferencing, e-mail, etc.
• Ability to respond to emergency service calls at any time outside of normally assigned work hours.
• Ability to travel as required.
This job description describes the general nature and level of work performed in this role. It is not intended to be an exhaustive list of all duties, skills, responsibilities, knowledge, etc. These may be subject to change and additional functions may be assigned as needed by management. Westfield offers a Total Rewards program that focuses on compensation, benefits and wellness, and includes perks like 401(k), pension plan, annual incentive, education reimbursement, flex-time, onsite fitness center and casual dress. Work-life balance, recognition, and learning and career development are all part of a rewarding career with Westfield.
To learn more about Westfield and the opportunities available, please visit us at westfieldinsurance.com. We are an equal opportunity employer/minority/female/disability/protected veteran.