Position : Senior Information Security Engineer

　　Location : Kansas City, Kansas

　　Requisition ID: : 24364

　　Assist with the planning, design, and implementation of technology and procedures designed to protect the confidentiality, availability, and integrity of DFA’s information assets. Responsible for performing security research; identifying vulnerabilities and threats and designing the necessary safeguards (both technical and administrative) to minimize risk and defend against potential attack; performing security assessments utilizing a variety of information security tools; managing and/or implementing systems critical to security; and providing education on information security policy and topics. Applies experience in security administration, project management, and technical infrastructure.

　　Job Duties and Responsibilities:

　　Act as security technical expert; provide advisory and consulting services to business and technical teams

　　Assist and/or lead the planning, creation, and management of security architecture, components, policies, processes, and standards for all applicable platforms and environments to influence IT services decision making

　　Conduct complex security architecture design and analysis of on-premise and cloud-based networks, systems, applications, third-party integrations and other technologies to identify risks and provide guidance on strategies for mitigating those risks

　　Design, deploy, and manage enterprise security tools including, but not limited to log management (SIEM), antivirus, intrusion prevention, data leak prevention, network access control, vulnerability scanning and remediation, etc.

　　Perform and/or analyze vulnerability scans and penetration tests to direct other parties in properly mitigating vulnerabilities. Support both internal and external penetration testing and validation of security control effectiveness

　　Maintain updated baseline security configuration standards for operating systems (OS hardening), network segmentation, and access controls in conjunction with industry best practices and applicable compliance requirements

　　Create and maintain high quality documentation for current and proposed security architecture, standards, procedures and technical configurations

　　Support achievement of Information Security’s strategic objectives by ensuring policies, processes and standard controls are adopted and applied consistently across all locations

　　Determine security requirements by evaluating business strategies and requirements, researching information security standards, conducting risk and gap assessments, and studying architecture/platforms and processes

　　Research, recommend, and/or develop new or improved tools or relationships to enhance security services, information intelligence and analytics

　　Ensure that all acquired or developed security systems and security architectures integrate with enterprise security architecture

　　Proactively identify threats and vulnerabilities, and collection, correlate and analyze data to detect potential unauthorized system accesses

　　Participate and\or lead investigation efforts to determine root causes and appropriate response actions

　　Continually stay informed on security and technology issues and emerging threats that could impact the business and communicate these issues within the security team and other appropriate audiences

　　Assist in developing and implementing security awareness and technical training efforts

　　The requirements herein are intended to describe the general nature and level of work performed by employee, but is not a complete list of responsibilities, duties, and skills required. Other duties may be assigned.

　　Minimum Requirements:

　　Education and Experience

　　Bachelor’s degree in information security, computer science or other related field (work experience may be substituted for the required education on a year for year basis)

　　Minimum of 3 years of information security and\or IT technical work experience

　　Strong understanding of current information security threats, standard frameworks (e.g., NIST CSF, ISO27001\2)

　　Experience with implementing and managing two or more of the following common security technologies: centralized log management, firewalls\intrusion prevention, application and system vulnerability scanning, intrusion detection\prevention, antimalware, encryption, and authentication and access controls

　　Understanding of security controls necessary to protect both on-premise and cloud-based platforms (AWS, Azure) and applications including Active Directory, Windows server and desktop, Mac OS, SQL, VMWare virtualization etc.

　　Strong collaboration skills with the capability to develop and guide junior-level security team members and work effectively with business stakeholders and other technical staff

　　Excellent written and verbal communication skills with the ability to effectively communicate complex concepts, policies, and procedures to individuals with a varying range of expertise, interests and backgrounds

　　Excellent problem solving and analytical skills with the ability to quickly isolate problems, collect data, establish facts and draw valid conclusions

　　High level of integrity and judgement concerning privacy and confidentiality issues

　　Certification and/or License -- at least one professional security certification (CISSP, SANS, CEH or other relevant certification) preferred

　　Knowledge, Skills and Abilities

　　Knowledge of information security frameworks and architectures

　　Knowledge and ability to apply security frameworks like ISO27001 in a business setting

　　Knowledge of security incident response and management

　　Knowledge of Microsoft OS and company computer systems

　　Knowledge of the use of Azure

　　Knowledge of managing large scale windows operating environments

　　Knowledge of project management tools and techniques

　　Knowledge of principles and practices of supervision, training, and personnel management

　　Skill in proficient computer usage

　　Skill in critical thinking, analysis, mathematical calculations, and statistical evaluations

　　Able to communicate clearly and effectively, both verbally and in writing

　　Able to apply technology solutions to business problems

　　Able to work with accuracy and attention to detail

　　Able to work in collaboration effectively and foster good teamwork

　　Able to present ideas using language that is relatable to business and end-users

　　Able to consider impact of actions and decisions on employees, coworkers, and customers

　　Able to multi-task and problem solve

　　Able to work independently and as part of a team

　　Able to prioritize and meet deadlines

　　Able to promote a team environment

　　Able to present to diverse audiences from front line team members to senior management

　　Able to perform task and duties without constant supervision

　　Able to read, write, and speak English

　　Additional desired skills, competencies and experience include:

　　Experience in the Dairy, Food and Beverage or Consumer Products Industry

　　Experience with security controls for SAP

　　An Equal Opportunity Employer