Berkshire Hathaway Specialty Insurance (BHSI) has an exciting opportunity for a junior to mid-level IT professional, to join their Boston, MA or Stevens Point, WI team as an Information System Security Engineer.
In this newly created role, that offers an opportunity for significant growth potential, the Information System Security Engineer will take an active role in the execution of our IT Security solutions and integrations, while collaborating closely with both internal and external partners.
Expectations of the Role:
- Works closely with our external Managed Security Solution providers to aggregate security data and integrate with the BHSI response to security threats.
- Engage in assessing and mitigating vulnerabilities and determining root cause of security incidents.
- Assist with establishing security standards and best practices for the enterprise.
- Evaluate systems, network, and data to determine necessary security protocols and measures.
- Participates in application technical reviews to ensure IT solutions have properly followed our security processes.
- Analyzes system outages, alerts, and reports of abnormal system behavior due to suspected security-related events such as viruses, Trojan activity, and hacker intrusions.
- Assist with risk and security assessments to identity, implement, and manage security controls, policies, procedures and solutions.
- Participates in external forums (e.g. FS-ISAC, Berkshire Security Council) to help BHSI leverage knowledge and ideas from other sources.
- Compiles and validates security-related statistical data for management reporting.
- Assists in the development, implementation, and evaluation of a departmental security solutions, security-awareness training programs, and related materials.
- Assists in development and implementation of Business Continuity Plans and Disaster Recovery Plans.
- Work with our global infrastructure team to analyze security threats and recommend technical infrastructure upgrades to reduce security threats.
- Review and provide guidance for security configurations of Servers, Firewalls, VPN, Intrusion Prevention Systems, Routers and Switches
- Assists with maintaining chain of custody of electronic and physical evidence related to an IT security incident.
Requirements of Candidate:
Have 4-8 years’ experience working in an IT Security Engineering and/or Infrastructure Engineering function with proven competence in Cisco & Microsoft Networking Solutions as well as several of the critical IT Security topics listed below:
- Server and Workstation Security Management: Experience in server and workstation application security, e.g. e-mail, web, application, and database, security management comprised of implementing upgrades, patches, and updates to operating systems, software applications, and security protection software.
- Network Security Management: Experience in security elements of IT network planning, design, and analysis. Includes overseeing and assessing how we have implemented security tools and controls such as intrusion detection/prevention systems, sniffers, and firewalls.
- Identity and Access Management: Experience assisting with defining, testing, and implementing IT user provisioning and identity management solutions. Includes developing IAM policies, standards, and procedures; identifying appropriate access control techniques; analyzing and selecting IAM solutions.
- Security Incident Response Management: Experience providing technical assistance in computer security incident response for potential or actual information-security breaches or attacks. Includes detecting, analyzing, responding to, and reporting information security incidents; and familiarity with the chain-of-custody process.
- Risk Assessment Management: Experience performing IT security risk assessments. Includes assisting in developing and implementing business continuity and disaster recovery plans and in developing risk assessment reports of findings and recommendations for remediation.
- Policy and Compliance Management: Experience assisting with developing and implementing IT security policies and standards. Includes assisting in monitoring for compliance.
- Application Security management: Experience in supporting development teams in the use of code analysis tools and application security best practices.
- Security Awareness Training: Experience assisting in developing, implementing, and evaluating IT security awareness training programs and related materials. Includes assisting in reporting of training compliance.
NOTE: This job description is not intended to be all-inclusive. Team members may perform other related duties as negotiated to meet the ongoing needs of the organization.