InfoSec Engineer (Melville, NY, Hybrid, Bilingual Japanese)

Job Description

Job Description Description:Work location: 3 days onsite per week in Melville, NY. Note: Bi-lingual (Japanese and English) candidates only.Scope of Work (not limited to): Security Member who would report to Security InfoSec director.- Formulation of security policy and its deployment to each department.- External scanning and reporting of DMZ public sites using an external vendor (IIJA).- FW Management and Correlation Analysis (SIEM) and Reporting Utilizing External Vendor.- Management of patch application status and promotion of vulnerability response (each team is responsible for understanding the situation and managing the application status).- Triage and response/reporting in the event of a security incident.- Additional security-related inquiries.Expected Must Qualifications: - Bilingual personnel with a deep understanding of Japan business culture and minimum security knowledge.- Ability to analyze practical aspects, define deficiencies, and make recommendations to the director.- Proactive in assisting or leading activities that security team members are currently dealing with, aimed at reducing the current workload on each individual.- Skills to define the requirements of the Managed Service and provide feedback to EA/JA to address areas and shortages that can be handled by the Service from the client's standpoint.Expected Qualifications that impact our decision: - Enterprise Security Architecture Understanding & Experience: A comprehensive framework that outlines the structure, policies, and procedures for securing an organization's information systems, ensuring alignment with business objectives and regulatory requirements.InfoSec Key Activities Understanding & Experience: - Risk Assessment: Identifying, evaluating, and prioritizing risks to the organization's information assets.- Policy Development: Creating comprehensive security policies and procedures that align with regulatory requirements and best practices.- Access Control: Implementing measures to ensure that only authorized individuals can access sensitive information.- Incident Response: Developing and executing plans to handle security breaches effectively, minimizing damage and ensuring quick recovery.- Security Awareness Training: Educating employees on security best practices, potential threats, and how to respond to security incidents.- Monitoring and Auditing: Continuously monitoring systems for suspicious activity and conducting regular audits to ensure compliance with security policies.Security Technology Experience: - Microsoft Sentinel- Microsoft Defender- Crowds Strike- Palo Alto Networks- Cisco Firepower / ASA- Cisco Umbrella- CATOZero Trust and SASE Understanding and Experience: - Implementing multi-factor authentication (MFA) for all users and devices.- Micro-segmentation to isolate sensitive data and applications.- Continuous monitoring and analysis of user activities and behaviors.- Least privilege access to minimize potential attack vectors.- Integrating security services such as secure web gateways (SWG), cloud access security brokers (CASB), and zero trust network access (ZTNA).- Implementing software-defined WAN (SD-WAN) for optimized and secure connectivity.- Deploying and managing SASE solutions to provide seamless and secure access to cloud and on-premises resources.- Utilizing SASE to enhance network visibility and control, ensuring compliance with security policies. #J-18808-Ljbffr