Sr. IS Security Engineer
El Segundo, CA

Job Description

What we need:

The Senior Information Security Engineer will participate in establishing and maintaining a corporate-wide information security management program to ensure that information assets are adequately protected. An up-to-date understanding of the latest security threats, trends, and network security technologies is critical. Experience with security solution implementations and management in an enterprise environment is important.

What you will do:

* Under the direction of Information Security Management, develop strategies and plans to achieve security requirements and address identified risks.
* Assist in the development of security architecture and security policies, principles and standards.
* Gather, analyze and assess the current and future threat landscape, and assist in providing leadership with a realistic overview of risks and threats in the enterprise environment.
* Work with business units and with other risk functions to identify security requirements, using methods that may include risk and business impact assessments.
* Perform security testing and vulnerability assessments to identify security strengths and weaknesses, to assess the effectiveness of existing controls, and to recommend remedial action.
* Perform incident management and response activities as a member of the organization's incident management team. As required, assist in triage, response and mitigation, post mortem analyses, and forensic analyses.
* Review audit trails, system logs, and other monitoring data sources regularly and ensure they are compliant with policies and audit and regulatory requirements.
* Supervise vulnerability exception process and facilitate updates among stakeholders.
* Work and coordinate with management and department heads across the enterprise.
* Responsible for formulating security operation metrics.

What you need to have:

* An undergraduate degree is required, preferably related to security, technology, engineering, or other relevant area.
* One or more professional certifications preferred (e.g., CISSP, CISM, CISA, CRISC, CEH, G-PEN, OSCP, G-SEC, etc.) but not required.
* 7-10 years of IT or network security experience with a passion for Information Security.
* In-depth knowledge of risk assessment methods and technologies.
* Proficient use of various tools and techniques, including risk, business impact, control and vulnerability assessments, used to identify business needs and determine control requirements.
* Excellent technical knowledge of Microsoft Windows operating systems, Active Directory, and a wide range of security technologies, such as network security appliances, identity and access management systems, privileged access management systems, anti-malware solutions, automated policy compliance, logging and filtering tools, and desktop security solutions.
* Knowledge of network infrastructure, including routers, switches, firewalls, and associated network protocols and concepts.
* Experience in system and application technology security testing, including static and dynamic code review, vulnerability scanning and penetration testing.
* Familiarity with router and firewall operations and maintenance.
* Ability to interact with personnel at all levels and across all business units/organizations, and to understand business imperatives.
* Strong knowledge in of all core internet protocols (e.g., TCP/IP, DNS, SMTP, HTTP etc.)
* Experience working with security tools such as IDS/IPS, SIEM, DLP, CASB, vulnerability scanning, laptop data encryption, endpoint data protection, and application penetration testing.
* Understanding of common operating systems, network devices, databases, web applications, and their vulnerabilities.
* Detail oriented and organized to accomplished detailed task.
* Communicate best practices in vulnerability management across the enterprise and help create security advisories associated with new and emerging vulnerabilities.
* Able to write effective communications and documentation in a compliance-regulated environment.
* Excellent planning, organizational, analytical and interpersonal skills.
* Web application and source code testing a plus.
* Experience in the financial industry a plus.

What we give you in return:

Our competitive Health program offers a comprehensive benefits package that supports healthy lifestyles, preventative care and helps to protect against hardship. Our retirement plan offers our employees the opportunity to plan ahead for a strong financial future well beyond their working years.

About Cetera Financial Group

Cetera Financial Group® ("Cetera") is a leading network of independent retail broker-dealers empowering the delivery of objective financial advice to individuals, families and company retirement plans across the country through trusted financial advisors and financial institutions. Cetera is the second-largest independent financial advisor network in the nation by number of advisors, as well as a leading provider of retail services to the investment programs of banks and credit unions.

Through its multiple distinct firms, Cetera offers independent and institutions-based advisors the benefits of a large, established broker-dealer and registered investment adviser, while serving advisors and institutions in a way that is customized to their needs and aspirations. Advisor support resources offered through Cetera include award-winning wealth management and advisory platforms, comprehensive broker-dealer and registered investment adviser services, practice management support and innovative technology.

* "Cetera Financial Group" refers to the network of retail independent broker-dealers encompassing, among others, Cetera Advisors, Cetera Advisor Networks, Cetera Financial Institutions, Cetera Financial Specialists, First Allied Securities, Girard Securities, The Legend Group and Summit Brokerage Services.

Cetera Financial Group is committed to providing an equal employment opportunity for all applicants and employees. For us, this is the only acceptable way to do business. Accordingly, all employment decisions at the Cetera Financial Group, including those relating to hiring, promotion, transfers, benefits, compensation, and placement, will be made without regard to race, color, ancestry, national origin, citizenship, age, physical and/or mental disability, medical condition, pregnancy, genetic characteristics, religion, religious dress and/or grooming, gender, gender identity, gender expression, sexual orientation, marital status, U.S. military status, political affiliation, or any other class protected by state and/or federal law.

Agencies please note: this recruitment assignment is being managed directly by Cetera's Talent Acquisition team. We will reach out to our preferred agency partners in the rare instance we require additional talent options. Your respect for this process is appreciated.