Sr. Information Security Engineer
(Visa sponsorship not currently offered)
Who is NICE Mattersight?
NICE Mattersight is a leader in enterprise analytics focused on customer and employee interactions and behaviors. We have analyzed over a billion interactions for leading healthcare, travel and hospitality, financial, insurance, tech, telecom, utilities and other clients, and built more than 10 million (and counting) behavioral algorithms that leverage a world-renowned personality model. The resulting products help employees and customers have smoother, faster, more productive conversations with each other—in short, better chemistry.
See What Matters™ by visiting www.Mattersight.com.
Who you are:
The Senior Information Security Engineer will be part of NICE-Mattersight’s Data Center and InfoSec organization, responsible for architectural design, planning, implementation, and hands on maintenance of enterprise operational defenses against security breaches and vulnerabilities. This individual is additionally responsible for maintaining and extending the existing suite of defenses, and the creation and maintenance of information security policies, standards, and procedures in concurrence with industry best practices. The Senior Information Security Engineer also participates as a member of the Mattersight Computer Incident Response Team (CIRT) to identify and resolve potential security incidents. The ideal candidate will be self-motivated with a proven track record in Information Security technologies and be comfortable in the dynamic atmosphere of a technical organization.
What you will do:
• Participate as a member of the Information Security team in developing and maintaining the organization’s security strategies.
• Own the architecture and management of Information Security systems, which include, but are not limited to: Centralized Logging, Intrusion Detection and Prevention, Vulnerability Testing, Penetration Testing, Encryption and Key Management, and Physical Security.
• Perform event/alert review and investigation from all collected systems and architectures, including but not limited to the following types: Windows and Unix operating systems, IDS, Web Applications, Anti-Virus, and File Integrity Monitoring.
• Act as a consulting resource to development teams to ensure that security is being adequately addressed during application development and deployment.
• Identify, create and maintain security-related documentation and tools.
• Maintain ongoing knowledge of information security technologies.
• Maintain and ensure confidentiality of company, client, and employee data.
• Attend and participate in staff, project and vendor meetings.
• Attend and participate in after hours and weekend maintenance as necessary.
• Participate in Incident Response investigations as a member of the CIRT.
What skills you bring to the table:
• Minimum of 5 years experience in Information Security or a security-related field.
• Experience with writing and maintaining tools in the powershell, bash, python, and ruby scripting languages.
• Strong demonstrated understanding of systems integration, web-based applications, and cloud-based technologies and architectures.
• Strong demonstrated knowledge of application testing methodologies and strategies.
• Experience with application design and development from business requirements analysis through to day-to-day management.
• Ability to work with development teams and individual developers to achieve desired results within defined parameters.
• Experience with Windows Server, Linux/Unix and/or network device administration.
• Demonstrated understanding of business requirements/drivers and the ability to integrate these into security initiatives and projects.
• Knowledge of ISO 27001/2, PCI-DSS, HIPAA, GDPR, or other information security rules and regulations.
• Knowledge of software development lifecycles and philosophies.
• Exceptional analytical and problem-solving abilities.
• Experience coordinating initiative efforts across geographically dispersed offices and project teams.
• Excellent understanding of project management principles.
• Highly responsible, motivated team player.
• Ability to set and manage priorities judiciously.
• Excellent communication and interpersonal skills.
• Expert attention to detail.
• Ability to produce clean, concise diagrams and documentation.
What differentiates you as the best:
• CISSP Certification, or the willingness and ability to obtain within twelve months.
• GCIH or similar industry-standard security incident handling certification or the willingness and ability to obtain within 6 months.
• Demonstrated experience with Amazon Web Services (AWS), Kubernetes, and similar cloud technologies.
• Experience working within the Agile framework and continuous delivery/continuous integration processes.
• Experience with enterprise security incident response, forensic investigation, and analysis.