Information Security Engineer III

Posted 18 days ago
$91.4k–118.8k / year
Remote
Full-Time
infosec
security-engineer

About the Role

The Information Security Engineer III serves as a member of the NIST CISO Audit & Assurance team and will assist in the performance of internal audits, ensuring they comply with applicable Conduent and ISO security standards, regulations, and policies.

  • The NIST security resource is accountable for procedures and processes that ensure the integrity, confidentiality, and availability of assigned Business units’ information, applications, and infrastructure.
  • The resource will perform routine risk assessments, security audits, and vulnerability scans to identify, evaluate, document, and remediate organizational risk, control gaps, and vulnerabilities.
  • This position will be responsible for developing security reports, security recommendations, and security policies and procedures that are meaningful, defensible, and actionable for a variety of audiences, as they pertain to assigned business units.
  • Perform log collection, correlation, reviews, archival, retention, and monitoring of automated alerts for items such as:
      • IPS/IDS alerts; change detection (FIM) alerts
      • application firewall alerts; malware alerts
      • rogue wireless network alerts
      • security system health alerts; exploit attempt alerts
  • Participate in, and be an integral component of, audit, compliance, and regulatory functions, including:
      • audits of system security to ensure compliance with Corporate security framework
      • NIST 800-53, ISO 27001/2, PCI-DSS
      • emerging country, state, and Federal privacy laws
  • Serve as primary POC in a vulnerability management program of the account that includes:
      • external and internal vulnerability scans of applications and systems
      • external and internal penetration tests of applications and systems
      • documentation and remediation of identified vulnerabilities and exploits
      • routinely monitoring various communication avenues for security vulnerabilities and security patches
      • taking a risk-based approach comparing those security vulnerabilities and security patches across the operating environments
      • making recommendations to various IT teams on the mitigation process for those identified security vulnerabilities
  • Coordinate with business units, operations, and technology teams
Conduent