At Fortive, we believe in you. We believe in your potential - your ability to learn, grow, and contribute in meaningful ways. We believe in the power of great people working together to innovate and solve problems no one could solve alone. We build enduring partnerships with our customers and take on their challenges and opportunities as our own.
The Information Security Engineer oversees cybersecurity, incident response, and computer network defense for the ASP Company. As an integral part of the team, the Information Security Engineer will focus on preparing, defending, preventing, and reacting to cybersecurity incidents and building out the infrastructure required to enable effective defense in depth, and meet the required enterprise security and compliance standards. Candidate should be a strong leader with the ability to work cross-functionally in a global environment.
* Contribute to the development of the company-wide information security infrastructure.
* Facilitate meetings and workshops to help define corporate processes and needs around incident response.
* Identify gaps in the security posture and work with the team to mitigate or remediate them.
* Maintain a thorough knowledge of attack vectors and methodologies and how to mitigate them.
* Leverage attack and vulnerability scanning tools to test, and enable the various teams to test, the organization's assets for vulnerabilities.
* Interface with other departments and resources as a SME for security related concerns or input.
* Respond to security alerts and work with the appropriate teams to investigate and triage them
* Maintain a list of critical systems, applications, and information needed for prioritization and incident response
* Track and manage security exceptions
* Work with the ASP and Fortive teams to identify, calculate, and reduce risk
* Work with product and commercial teams to implement security controls, validations, best practices, and enable mechanisms for incident response and data breach detection
* Minimum 5 years' experience in the field of incident response or security engineering. College degree(s) in relevant technical programs may substitute a portion of the experience.
* Minimum 3 years' experience in at least 3 of the following areas:
* Network intrusion analysis * Computer Incident Response, Windows * Penetration Testing or Security Assessments * Malware analysis for detection and response * Identity and Access management technologies and techniques * Vulnerability scanning (Qualys, Nessus, Nexpose, Retina) * SANS GIAC Certification at the 500 level or above in one or more of the following: GCIH, GCIA, GCED, GPEN, GSNA, GCFA, GWAPT * Ability to travel globally as needed for incidents and meeting with business/IT staff for projects up to 25%.
* Experience working on a global CIRT, or global security engineering team.
* Strong verbal and written communication skills. Ability to effectively communicate and translate highly technical information in a professional manner at all levels.
* Comfort working in a team, talking to clients, mentoring colleagues, and documenting processes.
* Aptitude for learning and capable of working in a fast-paced environment.
* Ability to produce high-quality deliverables while working independently or as part of a team.
* Self-directed, proactive and curious.
* Experience in several of the following areas:
* Computer Incident Response, Linux * Network Intrusion Prevention/Detection systems * Network Firewall management or deployment * Host/Server secure configurations and hardening * Network device secure configurations and hardening * Host IDS/IPS/FW configurations * Host detection and response tools (Carbon Black, McAfee, Trend, etc.) * System administration on Linux, Unix, Windows * TCP/IP based network communication * Network protocol security * Cloud computing and SaaS, PaaS, IaaS experience
Let your dream job find you.
Sign up to start matching with top companies. It’s fast and free.