Principle Engineer - IT Security

The IT security principal  position is working within an IT security team to review, evaluate, design, engineer, implement, and/or maintain advanced security products, processes and associated policies for the Corporation.  The intended solutions can represent IT security functions in areas such as for example: threat and vulnerability management; networking; intrusion detection service (IDS), application security design and testing; identity and access management and control; and IT and information security risk management and security management in support of IT security policies, processes and standards. The IT security technical engineer also must support the continued monitoring, maintenance and continual improvement of the IT security infrastructure.  The person in this position will be a leader in the IT organization and considered a subject matter expert in multiple security-related areas as well as in the field of IT Security and or risk overall. This position requires advanced, hands-on security expertise.  Additionally, strong written and oral communication skills are important for this role.  This position may be called upon for around-the-clock, 7 days a week support of security events and/or alerts within the QD IT infrastructure and applications. 

• Develops security and or risk strategies and solutions to improve, augment and enhance the posture of IT Security at Quest Diagnostics. 
• Engineer, install, upgrade, maintain, and/or support a variety of security tools.  These may include products and tools in various areas including:   network vulnerability scanning, application vulnerability scanning; network and application access controls; intrusion detection systems; data loss prevention, security incident and event management (SIEM), etc. 
• Assists in the coordination and completion of applicable IT security SOP’s. 
• Periodically reviews and updates corporate IT Security standards and procedures as required by such changes in technologies, business activities, corporate policies and/or regulations. 
• Work with IT leadership and the business to develop strategies and plans to enforce security requirements and address identified risks. 
• Is a subject matter expert in multiple areas of IT Security including the field of IT Security and or risk overall, and provides technical guidance on any IT projects. 
• Develops and maintains detailed knowledge of security products, tools, regulations, best practices, and trends. 
• Reports to IT management concerning risk, vulnerabilities and other security exposures, including misuse of information assets and noncompliance. 
• Plays a consultative role in application development and lead security role in acquisition/merger projects to assess security requirements and controls and to ensure that security controls are implemented as planned. 
• Collaborates on critical IT projects to ensure that IT security issues are addressed throughout the project life cycle. 
• Fully understand security policies, standards, processes and procedures, and supports service-level agreements (SLAs) to ensure that security controls are managed and maintained. 
• Researches, evaluates and recommends IT and information-security-related hardware and software, including developing business cases for security investments. 
• Assumes highly visible technical project management role. 
• Flexibility for occasional on call availability as business need dictates given 24/7 business operation 
• Manages relationships with key IT Security product and service vendors. 
• Provide engineering expertise in the delivery of assigned security products, such as all applicable security tools. 
• Works closely with Security architecture in the overall design and implementation of security solutions.  May be called upon to represent security architecture if one is not assigned to an IT initiative. 
• Develop processes to migrate to IT Operations any security products where possible. 
• When appropriate represents IT Security to Senior IT Management and customers 

QUALIFICATIONS

Required Work Experience:  

• Minimum 10 years’ experience with the implementation and support of an IT Security program including:  aspects of security design and engineering; threat and vulnerability management; data protection; incident management and response; application security development, testing and assessments; and security management,  
• This person should be able to perform a variety of technical tasks, including, for example, the installation of security software, configuration of software, and problem determination and resolution.   

Preferred Work Experience:  

• Minimum 10 years’ experience with the implementation and support of an IT Security program including:  aspects of security design and engineering; threat and vulnerability management; data protection; incident management and response; application security development, testing and assessments; and security management,  
• This person should be able to perform a variety of technical tasks, including, for example, the installation of security software, configuration of software, and problem determination and resolution.   

Physical and Mental Requirements: 

N/A

Knowledge:  

N/A

Skills:  

• Demonstrated ability in defining and/or evaluating security requirements and relate them to appropriate security measures and controls.  
• Ability to interact with company personnel at all levels and across all business units and organizations, and to comprehend business imperatives. 
• Strong leadership abilities, with the capability to develop an IT security team and guide team members and to work with only minimal supervision. 
• Sound communications skills, including both oral and written, are important for the candidate to be successful in this role. 
• Creativity 
• Timely Decision Making 
• Peer Relationships 
• Problem Solving 
• Intellectual Horsepower 
• Decision Quality 
• Directing Others 
• Presentation Skills 
• Communication Skills 

EDUCATION
Bachelor’s Degree
Master’s Degree

LICENSECERTIFICATIONS
Certified Information Systems Security Professional (CISSP)
GIAC Security Expert (GSE)
Systems Security Certified Practitioner (SSCP)