Information Security Engineer III

Information Security Engineer III

About the Role

The Information Security Engineer III serves as a member of the NIST CISO Audit & Assurance team and will assist in the performance of internal audits, ensuring they comply with applicable Conduent and ISO security standards, regulations, and policies. The internal auditor will be professional, independent, impartial, and fair in all interactions.

• The NIST security resource is accountable for procedures and processes that ensure the integrity, confidentiality, and availability of assigned Business units’ information, applications, and infrastructure.
• The resource will perform routine risk assessments, security audits, and vulnerability scans to identify, evaluate, document, and remediate organization risk, control gaps and vulnerabilities.
• This position will be responsible for developing security reports, security recommendations, and security policies and procedures that are meaningful, defensible, and actionable for a variety of audiences as pertained to assigned business units.
• Perform log collection, correlation, reviews, archival, retention, and monitoring of automated alerts for items such as, and not limited to:

+ IPS/IDS alerts; change detection (FIM) alerts + application firewall alerts; malware alerts + rogue wireless network alerts + security system health alerts; exploit attempt alerts

• Participate and be an integral component of audit, compliance, and regulatory functions, including and not limited to:

+ audits of system security to ensure compliance with Corporate security framework + NIST 800-53, ISO 27001/2, PCI-DSS + emerging country, state, and Federal privacy laws

• Primary POC in a vulnerability management program of the account that includes:

+ external and internal vulnerability scans of applications and systems + external and internal penetration tests of applications and systems + documentation and remediation of identified vulnerabilities and exploits + routinely monitoring various communication avenues for security vulnerabilities and security patches + taking a risk-based approach comparing those security vulnerabilities and security patches across the operating environments + making recommendations to various IT teams on the mitigation process for those identified security vulnerabilities

• Coordinate