Apply on Employer Site

Columbia Bank New Jersey · 2 weeks ago

Security Engineer II

Fair Lawn, NJ

Full-time

Hybrid

Mid, Senior Level

$102K/yr - $153K/yr

5+ years exp

Columbia Bank is looking for a Security Engineer II to manage day-to-day security operations and oversee various security practice areas. The role includes maintaining security controls, responding to threats, and supporting incident response efforts while ensuring the security of the bank's systems and data.

BankingFinancial ServicesMortgage

Responsibilities

Executes, enhances, and creates/maintains documentation for security operations processes

Responsible for ownership over one or more security practice areas and leads the assessment of security processes, platforms, and practices to identify areas for improvement

Supports incident response efforts by reviewing security events and escalations, performing investigations, and seeing matters through to resolution

Collaborates with technology and business organizations as appropriate

Performs ongoing security platform maintenance including health monitoring, troubleshooting, tuning, and upgrades

Assists in implementing and operationalizing new security solutions. Coordinates with internal and external resources as required

Develops and analyzes security related content - reports, alerts, dashboards, and metrics - to gain insights from the Bank's systems, platforms, and data

Utilizes content outputs to drive subsequent action plan through to completion

Assists in the management of small to medium sized projects according to project management schedules

Stays abreast of relevant industry related developments, trends, and threats

Commits to ongoing professional education and development in the Information / Cyber Security field

Performs other job related duties as assigned

Qualification

Security OperationsIncident ResponseSecurity Platform ManagementVulnerability ManagementRisk AssessmentSecurity ArchitectureNetwork SecurityData SecurityScripting LanguagesProfessional DevelopmentCommunication SkillsProject Management

Required

Bachelor's degree in an IT related discipline required

5 - 10 years of experience in information technology, information security, risk, or similar field

5+ years of experience in an information security role

3+ years of engineering experience

Relevant industry certifications and/or advanced degrees may be considered in lieu of experience

Strong knowledge of one or more security practice areas including security architecture, identity and access management, asset management, vulnerability management, threat detection and response, endpoint security, network security, cloud security, web security, email security, data security, application security, threat intelligence

Performs ongoing analysis of various security events, incident alerts, event notifications, health status from security tools, and additional detection and response activities

Investigates security incidents and collaborates with the CISO and business organizations in response to detected threats

Coordinates with internal and external resources for risk mitigation and service outage resolution

Develops standard operating procedures for deployed security solutions, interfacing with managed security service providers, incident responses, review and escalation processes

Communicates security warnings, ongoing awareness, and general best practices to end-users

Develops performance metrics, trend statistical data, and customizes management reports for Risk, IT and Information Security

Strong knowledge of securing network/infrastructure design and deployment

Experience in conducting a daily assessment of vulnerabilities identified by infrastructure scans

Evaluate, rate, and perform risk assessments on assets

Prioritizing vulnerabilities discovered along with remediation timeline(s)

Knowledge of scripting languages and automation methodologies

Deep knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions

Experience with log analysis, packet flow, TCP/UDP traffic, firewall technologies, IDS technologies (e.g., Snort rules), proxy technologies, and antivirus, spam and spyware solutions

Deep knowledge of computer networking concepts and protocols, and network security methodologies

Knowledge of cybersecurity management frameworks, regulatory requirements and industry leading practices

Experience in conducting technical risk assessments

Commits to ongoing professional education / training / certification in the Information / Cyber Security field