Information Security Operations Engineer

Meredith Corporation in Des Moines, IA

  • Type: Full Time
position filled

Job Description

Job Summary | Major goals and objectives.

The Information Security Operations Engineer position helps protect Meredith brands and Meredith client brands against various security risks and attack methods. This individual is a member of the Meredith IT Security team and works cross-functionality to respond to threats that may arise against our technology and application resources.

Essential Job Functions

50%:

Incident Response-Blue Team:

Defend, monitor and respond to security indicators by correlating and analyzing a variety of application, network and host-based security logs across various computing environments (on-premise, cloud, SaaS, etc.) and determine the correct remediation actions and escalation paths for each incident. Configure, implement, and optimize security protection and detection capabilities such as vulnerability scanning, configuration compliance scanning, firewall reviews, intrusion prevention/detection systems, internet protection and log management infrastructure. Appropriately instrument systems and applications to detect and alert on attacks, and coordinate with security tools and automation to implement automation for detection, escalation and remediation. Perform risk analysis of vulnerabilities and threats and evaluate efficiency of existing protection and detection mechanisms. Evaluate new and emerging technologies for appropriateness, fit, and functionality with our current technologies, and the strategic plan. Use experience and knowledge from attacks to work with our infrastructure and applications teams to reduce the attack surface and harden configurations, architectures and data storage structures. Design, develop and implement automated incident response methodologies. Conduct incident response exercises and cyber defense drills to evaluate and improve processes related to threat detection, incident response, patching and remediation. Provide information regarding intrusion events, security incidents, and other threat indications and warning information to teams and leadership as part of incident response. Author post mortem reports to be provided to senior leadership following an intrusion or red team engagement. Creates and maintains a working relationship with business partners, IT teams, local and federal officials and vendors.

20%:

Threat Analysis:

Perform threat hunting exercises using threat intelligence, analysis of anomalous log data and results of historical events and data to detect and respond to threats. Maintain awareness of new and emerging security threats. Develop anomaly detection dashboards and reports to identify potential threats, suspicious activity and intrusions. Research industry trends, identify ongoing security threats, analyze new security testing tools, and provide recommendations on the need and usefulness of services and/or products. Gather threat intelligence and build, optimize, and develop systems for effective and efficient security response. Consult and provide risk management recommendations with cost analysis based on environment. Develop and design technical recommendations and execute remediation and mitigation strategies.

15%:

Security and Compliance Operations:

Performs daily operations and execution of security-related tools, processes and controls related to security prevention and defense initiatives. Supports solutions such as network proxies, intrusion detection/prevention systems, remote access, multi-factor authentication, security event monitoring, infrastructure and system hardening, patch deployment and vulnerability management. Help coordinate and drive remediation of identified risks and control deficiencies. Serves as technical and functional subject matter expert across multiple security domains, raising awareness and communicating security risks within the company. Help lead incident response and technical investigations, as assigned.

15%:

Customer Service:

Provide prompt, courteous and professional customer service, and collaborate with business and technology staff to support Meredith Corporation objectives. Serves as technical and functional subject matter expert across multiple security domains, raising awareness and communicating security risks within the company. Supports projects to ensure they are delivering on time, cost effective solutions that meet security and functional specifications. Effectively communicate security concepts with both technical and non-technical individuals.

Minimum Qualifications and Job Requirements | All must be met to be considered.

Education:

Bachelor’s Degree in Information Assurance, Computer Science, Engineering or equivalent education and experience.

Industry certification such as CISSP, CASP, GCIA, GCIH, GPEN, GCFA, CEH, CISA, CISM is a plus.

Experience:

Five or more years of experience in Information Security and two years’ experience as a member of a Security Operations Center (SOC) or investigating security incidents.

Specific Knowledge, Skills and Abilities:

  • Working knowledge of IT environments including IT secure architecture, security technologies, security industry trends and direction, system and technology integration, audits, internet security, computer crimes and IT standards, procedures and policies.
  • Highly experienced working on Information Security Incidents, investigation, containment and remediation.
  • Experienced working within a fast-paced incident response team with knowledge of log correlation, forensics, security vulnerabilities and exploits.
  • Experienced deploying security solutions, architecting detection and response solution to mature capabilities.
  • Deep understanding of threats, threat actors, and indicator of compromise.
  • Experienced with maturing strategic and tactical aspects of the Threat Intelligence program.
  • Knowledge of the chain of custody process and properly securing evidence.
  • Understanding of OWASP top 10, SANS top 25, and other attack vectors.
  • Proficient with various scripting and programming languages.
  • Proficient with identification and remediation of security vulnerabilities.
  • Experience performing web application security/penetration testing in accordance with well-known methodologies.
  • Basic knowledge of IT audit and control, governance, asset management, software licensing, product and vendor evaluation, and training delivery.
  • Working knowledge of IT systems management including change control, software process improvement, and technical writing/documentation.
  • Experience with regulatory requirements related to SOX, Privacy legislation and PCI.
  • Working proficiency of various technology tools.
  • Ability to work cooperatively and professionally with co-workers, customers and management.
  • Strong verbal and written communication skills in order to interact effectively at all levels of the organization.
  • Self-motivated and passionate about continuous improvement of security and development practices.
  • Problem-solving skills to determine the programming effects on existing systems.
  • Good decision-making skills.
  • % Travel Required (Approximate): Less than 5%

    It is the policy of Meredith to provide equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state or local law. In addition, Meredith will provide reasonable accommodations for qualified individuals with disabilities.


    You may be interested in these similar jobs!
    Network Engineer
    LATITUDE in Des Moines, IA

    Growing Government Contractor is looking for an additional Network Engineer to join their team.This position serves as a member of a four-person Netw…

    Read More
    Information Security Engineer
    SCORE Silicon Valley in West Des Moines, IA

    Job Description Important Note: During the application process, ensure your contact information (email and phone number) is up to date and upl…

    Read More
    Enterprise Password Services - ISE
    SCORE Silicon Valley in West Des Moines, IA

    Job Description Important Note: During the application process, ensure your contact information (email and phone number) is up to date and upl…

    Read More
    Senior Network Operations Engineer
    Citizens Bank in Johnston, IA

    Under the direction of the Manager of Network Infrastructure Operations, manage a team of Network/Security Infrastructure Operational Engineers/Tech…

    Read More
    Information Security Engineer 4
    Wells Fargo in Hartford, IA

    Job DescriptionImportant Note: During the application process, ensure your contact information (email and phone number) is up to date and upload your…

    Read More
    Technology Solution Engineer
    SCORE Silicon Valley in Des Moines, IA

    Job Description Important Note: During the application process, ensure your contact information (email and phone number) is up to date and upl…

    Read More
    Info Security Engineer
    SCORE Silicon Valley in West Des Moines, IA

    Job Description Important Note: During the application process, ensure your contact information (email and phone number) is up to date and upl…

    Read More
    Info Security Engineer 5 - Platform Security Services
    Wells Fargo in Grimes, IA

    Job DescriptionImportant Note: During the application process, ensure your contact information (email and phone number) is up to date and upload your…

    Read More
    Systems Security Administrator
    Robert Half in Des Moines, IA

    Description Qualifications:Looking for: Associate's or Bachelor's degree with a preference in a computer science, technology, engineering, or math re…

    Read More
    DevSecOps Senior Engineer
    Deloitte in Des Moines, IA

    Position summary Deloitte Services LP includes internal support areas such as Marketing and Communications, Human Resources/Talent, Information…

    Read More