Information Security Engineer

The Information Security Engineer must display an excellent understanding of technology infrastructures using Firewalls, VPN, Data Loss Prevention, IDS/IPS, Web-Proxy, servers, desktops and Security Audits. This position provides leadership to efforts that are large and cross department boundaries. This position is responsible for monitoring the IT security infrastructure in a corporate network. The Information Security Engineer will articulate technical security requirements, monitor the effectiveness of the existing IT security controls framework, and raise the level of security awareness and policy compliance among workforce members.

What You Will Be Doing

• Works directly with Information Security Manager and others in the planning, development, and maintenance of corporate data security plans, policies, and procedures. Helps to identify and document business unit information security requirements and ensure corporate information security plans comply with regulatory requirements.
• Work directly with all members of the Information Security Group and other applicable departments to develop an efficient, effective security organization that uses repeatable and defined processes, standards, and procedures.
• Facilitate penetration testing and audit participation, where applicable. Participate in the collection of security process/control details and artifacts in support of internal and external IT audits and assessment activities.
• Work directly with business partners to properly establish site-to-site VPNs.
• Develop an implementation plan for projects needing access both in and out of the network along with assessing the risk around the project. This could be achieved by a risk assessment or actively testing the application for issues.
• Formalize processes used to define security boundaries around information systems and applications to assess risk, and establish security requirements and documentation.
• Monitor all authorities, permissions, Firewalls, event logs, and other administrators for all platforms to identify abuse/misuse of elevated privileges.
• Provide notification, input, or research to Information Security Manager for issues of actual or suspected security fraud, violations, or abuses.
• Collaborate with Information Security practitioners, Technical Support Center staff, and others as appropriate to ensure the security of the network infrastructure, servers, desktops, peripherals, and mobile computing devices.
• Assist the Information Security Manager in the continuous review, evaluation, and rollout of security tools and security administration tools. Configure, implement, monitor, and support security software/systems that will help ensure compliance with regulatory, industry, and corporate policies and procedures. This includes but is not limited to IDS/IPS (Host/Network/Wireless), cloud based technologies, data loss prevention, firewalls, log management/correlation (SIEM), secure password storage/retrieval, application whitelisting, and vulnerability management.
• Provide leadership in the identification, response, investigation, and remediation of potential breaches of and issues surrounding data security.
• Ensure security best practices are identified and integrated into all facets of projects, including network, system designs/configuration, and implementations.
• Establish and maintain Information Security related disaster recovery plans, and participate in the planning and execution of scheduled exercises.
• Maintain current understanding of regulations and guidelines regarding information security. This includes the continuous professional development of banking and information security standards and best practices and to maintain technological currency in network, client server, and internet/intranet platforms.

• Bachelor's degree or equivalent from four-year College or university, technical or business related degree is preferred
• Minimum of five years data processing, audit, security or related experience and/or training; or equivalent combination of education and experience.
• Security Plus certification required
• Possesses proven technical abilities, demonstrated leadership, business expertise and superior past performance.
• Strong Windows and Linux skills required
• Impeccable organizational and analytical skills required.
• Experience with the following technologies and concepts are highly recommended:
  • Privileged Access Management
  • Identity and Access Management
  • Network Access Control/Segmentation
  • Application Whitelisting
  • Cloud Computing and Architecture
  • Vulnerability Management
  • Build and Management of Virtual Servers and Workstations

Be a part of a growing company that is truly committed to its employees and clients. Consider joining the First Bank family. As a member of our family, you are part of one of the largest independent banks in the U.S. We are proud of our growth and success over the past 100 years and look forward to a bright and promising future.

At First Bank one of our biggest strengths is the diversity of our people. Our mission is to capitalize on the diversity of our associates and promote personal and professional development throughout every area of the organization. We encourage diversity by actively seeking employees from various backgrounds, walks of life, and job skills. We strongly encourage you to apply whenever a First Bank job opportunity interests you.

First Bank is a VEVRAA Federal Contractor and an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status.

We offer a hybrid work schedule which includes a minimum of two days in the office at our Headquarters in Creve Coeur Headquarter and up to three days working remotely.

None