Information Security Engineer is primarily responsible for implementation and ongoing management of security systems and infrastructure within ISFMT Information Systems organization.

Primary responsibilities include administration and management of the department’s security technologies like Firewall, IDS/IPS, Web Security, URL Filtering, VPN, Anti-Virus, Identity Management, Security Incident Event Manager (SIEM), Security Testing tools, Vulnerability Assessment of in-house and third-party or hosted application and infrastructure.

Roles and Responsibilities:

• Implement, manage, maintain, and optimize enterprise infrastructure security solutions

• Perform vulnerability assessments, penetration testing, and assist with remediation efforts

• Report to ISFMT management concerns of residual risk, vulnerabilities, and other security exposures

• Receive and appropriately review and implement changes to various IT Security infrastructure, systems configurations to effectively prevent or resolve security events or threats as assigned or otherwise needed

• Use current information security technology disciplines and industry standards to ensure confidentiality, integrity, and availability of information assets

• Serve as the security contact, responsible for working with other teams to deliver robust and secure-by-design applications and infrastructure

• Directly participate in the utilization, maintenance and optimization of IT Systems for Endpoint, Network, Infrastructure, Application and Data security

• Provide expertise in adoption of ISFMT Information Security policies, procedures and guidelines

• Train and educate users on new or modified system configurations, policies, operating procedures and security controls as they affect business processes

• Maintain IT security systems integrity and availability by performing regular system upgrades, patch updates, and configuration changes

• Develop and maintain appropriate system and process documentation

• Participate in the security incident response efforts and other security investigation activities as assigned. Co-ordinate remediation with an appropriate sense of urgency and criticality.

• Review and respond to security events and alerts generated in a Security Information and Event Management (SIEM) system

• Conduct proactive threat research

• Analyze potential impact of new threats and exploits, develop and implement solutions to mitigate those threats, and communicate risks to relevant business units

• Assist with the development, implementation, and management of security controls, processes, and policies as a result of analysis, research, and recommendations

• Collaborate across teams to build and maintain creative solutions to security problems

• Evaluate new technologies and processes that enhance security capabilities

• Recommend and design security controls to support the data security needs of systems being developed or acquired.

Skill/Job Requirements:

• Minimum 5 years of experience in engineering and administration of various IT Security technologies

• Bachelor’s degree in computer science or related field, or equivalent work experience

• Experience implementing, configuring, and supporting Cisco, Palo Alto Networks, McAfee, Splunk, Rapid7, SailPoint security solutions

• Strong working knowledge of infrastructure technologies such as Windows and Linux operating systems; Virtual Infrastructure operations (VMWare / Citrix) database configuration and security; active directory; vulnerability assessment; networking protocols and topologies; security architectures; and incident management

• Excellent written and verbal communications skills. Must be able to communicate effectively with all levels of staff and end users

• Familiarity with and ability to apply Information Security and Governance Frameworks such as ISO 27000

• Excellent troubleshooting and analytical skills

• Demonstrate integrity, accountability, innovation, and reliability

• Demonstrate effective teamwork and working relationships with others

• Expert knowledge of security issues, techniques and implications across all existing computer platforms.

• Strong team-oriented interpersonal and communication skills; ability to present and discuss technical information

• Ability to work well under minimal supervision.

• Experience working with multiple operating systems

• Experience securing scalable architectures and distributed systems

• Experience securing cloud based infrastructures

• Expert experience in evaluating and assessing security threats across a variety of environments and industries

• Must be self-driven and motivated

• Flexible, adaptable, and able to manage multiple tasks in a dynamic, fast-paced environment

• Hands-on information security experience with security engineering, network security, and computing platform security

• Cybersecurity Industry certification preferred

上班地址：上海