Urban Science

  • Information Security Engineer

    Location US-MI-Detroit | UK-SRY-Reading
    Posted Date 2 days ago(6/20/2018 11:19 AM)
    Job ID
    2018-4033
    # Positions
    1
    Category
    Information Technology
  • Overview and Summary

    Urban Science is a business-solutions company focused on supporting the needs of the sales and marketing function of the automotive industry. We leverage a scientific methodology to help our client partner sell more vehicles, improve profitability and increase customer loyalty. And we do that by helping solve their toughest challenges including planning an optimal dealership network, improving individual dealer performance and efficiently converting sales leads into sales. In short, we guide business through science-and we’ve been doing this since 1977.

     

    POSITION OVERVIEW

    The IT Operations Senior Specialist is an integral part of the Urban Science Global Security Team and works closely with technical and business partners to maintain the confidentiality, integrity, and availability of global company and client information assets. The focus of this team member is to utilize technical tools and methods to detect, document, and report vulnerabilities, and work with asset owners to remediate risk throughout the urban science application, data, and infrastructure areas. The ideal candidate will have detailed knowledge of current and emerging security risks and remediation technologies, and be able to work fluidly with technical and non-technical information asset owners to improve the Urban Science security posture.

    Essential Duties and Responsibilities

    • Implement, operate, and maintain application, database, and network vulnerability scanning and management tools.
    • Conduct regular security audits, risk assessments, architecture reviews, and penetration tests of global information systems, processes, and security controls.
    • Detect and document technical and procedural vulnerabilities; communicate vulnerabilities to relevant parties.
    • Work with relevant individuals and teams to remediate vulnerability and risk.
    • Monitor, analyze, and respond daily to monitoring, IDS/IDP, SEIM data; coordinate responses with appropriate parties; manage risk events to closure.
    • Participate in problem management, change management, and corrective/preventive action processes.
    • Manage and lead incident management, documentation, investigation, and remediation activities with occasional after-hours support.
    • Conduct training as needed to provide knowledge and skills necessary to promote strong local security.
    • Remain aware of current and emerging threats, vulnerabilities, and response methods, as well as emerging security technologies.
    • Evaluate, deploy, and operate emerging security tools and technologies.
    • Document security systems and controls appropriately.
    • Works with manager in completing own annual goal setting and performance review in a timely manner.
    • Proactively communicates with upper management to provide updates and report issues in a timely manner.
    • Work with manager to complete additional duties as needed.

    Qualifications - Education and Experience

    To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skills, abilities, and competencies required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

    • Understanding and experience with risk management frameworks – e.g., ISO 27000, SOC2, ITIL, NIST, etc.
    • Experience with relevant technology and tools, such as: 
      • Penetration testing and related tools.
      • Application, database, and network vulnerability scanners/managers – e.g., CheckMarx, AppScan, VeraCode, Scuba, DBProtect, Nessus, McAfee Secure, etc.
      • Detection and remediation of database vulnerabilities – e.g., Microsoft SQL Server, Oracle, Mongo, etc.
      • Detection and remediation of application vulnerabilities and how to remediate them – e.g., injection, scripting, authentication, error handling, etc.
      • Understanding of Microsoft server and desktop operating systems.
      • Various network routing, switching, and firewall/IDP products – Cisco, CheckPoint, PaloAlto, etc.
      • SIEM and log management tools – e.g. LogRhythm, QRadar, RSA, or Splunk.
      • Automation/scripting experience strongly preferred – e.g., Python, Perl, C#, PowerShell, etc.
      • PowerApps, PowerBI, and PowerPoint a plus.
      • Microsoft office products – e.g., Word, Excel, etc.
    • Experience performing application, network, and database security reviews, and risk assessments.
    • Experience working in a collaborative environment with technical and non-technical information asset owners and teams to manage and remediate vulnerabilities.
    • Experience working with incident management, problem management, and/or corrective action processes, as well as (forensic) investigation techniques.
    • Ability to work effectively in a remote, virtual team environment.
    • Ability to operate in a highly confidential manner.
    • Knowledge of current technological developments/trends in area of expertise required. Connection with local security special information groups / organizations preferred. 
    • Knowledge and understanding of ITIL processes.
    • Time Management: Requires strong capability to prioritize competing demands, manage multiple concurrent tasks and run meetings on schedule.
    • Project Management: Project management skills required, including the ability to estimate work efforts, define work plans, delegate work, monitor progress and report schedule variances and scope changes.
    • Verbal Communication: Requires the ability to compose and verbally deliver information of varying levels, using appropriate grammar, tone, inflection and non-verbal cues, while also listening to and correctly deciphering verbal communication delivered by others.
    • Written Communication: Requires the ability and capacity to communicate ideas, facts and data in writing using appropriate grammar, syntax and sentence structure including the ability to create technical documents. 
    • Analytical Thinking/Reasoning: Requires the ability to understand a situation by breaking it apart into smaller pieces, and/or tracing the implications of a situation in a step-by-step causal way. 
    • Results Orientation: Requires the ability to strive for optimal results by taking responsibility for timeliness, commitment to task and adherence to performance standards.
    • Ethics/Integrity: Requires the ability to behave in a trustworthy & transparent manner.
    • Teamwork & Cooperation: Requires the ability to work cooperatively with others and be part of a team.
    • Self-Control: Requires the ability to keep emotions under control and to restrain from negative actions or behaviors. 
    • Customer Service Orientation: Requires the ability to understand and help/assist both internal and external customers and meet their needs.
    • Flexibility/Adaptability: Requires the ability to adapt to and work effectively within a variety of situations, individuals or groups, as well as understand and appreciate different and opposing perspectives.
    • Conceptual Thinking: Requires the ability to understand a situation or problem by putting the different pieces together to see the bigger picture.
    • Interpersonal Understanding: Requires the ability to understand other’s feelings and concerns, and to value individual differences in people.
    • Organizational Commitment: Requires the ability and willingness to align his/her own behavior with the needs, priorities and goals of the organization.
    • Relationship Building: Requires the ability to effectively build and maintain friendly, warm relationships or networks of contacts with clients/customers.
    • Assertiveness: Requires the ability and intent to appropriately display assertive behaviors to ensure others follow and comply with given directions.

    EDUCATION AND EXPERIENCE

    • Must have a baccalaureate degree in information technology, security, or related field, from an accredited U.S. college or university, or equivalent foreign institution. 
    • Must have a minimum of five years relevant work experience.

    CERTIFICATES, LICENSES, REGISTRATIONS

    One or more of the following certifications is desirable:

    • ITIL: Information Technology Infrastructure Library
    • CISSP: Certified Information Systems Security Professional
    • GIAC Certification(s) (Security Essentials, etc.)
    • CEH: Certified Ethical Hacking
    • CompTIA Security+

    WORK ENVIRONMENT
    The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

     

    This description is intended to describe the type and level of work being performed by a person assigned to this position. It is NOT an exhaustive list of all duties and responsibilities required by a person so classified. The job may require additional hours beyond a traditional 40-hour workweek.

    Options

    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share on your newsfeed