Senior Security Engineer
West Monroe isn’t a start-up firm, but we act like one.
From day one, our people have the opportunity to make a definitive personal impact for their clients and their careers. What does this mean? It means we seek out the best of the best, and then we challenge them to make us better. If you are looking to be a “behind the scenes” technologist, this isn’t the place for you. We celebrate driven professionals who thrive in a collaborative environment. Sound interesting? Then West Monroe Partners just might be the place for you.
Think you’re up for the challenge?
West Monroe Partners is currently seeking a Security Leader to be responsible for the health and development of its Information Security capability. This role will assist the business in maintaining its security operations program and be responsible for managing the response, recovery, and review of security incidents. The Security Engineer functions as a critical conduit between West Monroe’s Internal IT team and West Monroe’s Performance Services Security team.
Demonstrate an understanding of security technology and ability to apply commonly known security practices and possess a working knowledge of applicable industry controls such as the NIST cyber security framework. Individuals must be able to provide subject matter expertise and guidance to operational teams that request or require Information Security Engineering. Candidates should be familiar with security services such as vulnerability management, incident response, event monitoring, threat management, and others.
Specific skills include, but are not limited to, the ability to:
- Thoroughly and accurately understand issues and analyze the problem in a systematic fashion.
- Act as trusted security advisor to West Monroe IT and Business Stakeholders—act as the bridge between them and the West Monroe Partners Security Operations Center (SOC) for escalations
- Performing risk assessments for projects, and providing guidance to leadership on the appropriate course of action
- Manage and drive improvements in West Monroe’s security culture, including strategies, objectives, capabilities, and budget
- Design and create information security policy and processes (e.g., vulnerability mgmt., incident response, event monitoring, etc.)
- Keep users/clients abreast of problem status, set clear expectations, and provide timely follow-up
- Independently handle challenging user/client situations
- Provide reporting to WMP personnel on a regular and ad-hoc basis
- Compiles and analyzes data for management reporting and metrics
- Assist with the change management process
- Work with client management and provide written and oral status updates; facilitate and lead meetings in both a project and escalated incident setting
- Perform other duties as required or assigned
- 7+ years of similar work experience in security
- Strong Knowledge of security strategy and risk management
- Analyzes potential impact of new threats and communicates risks to relevant business units
- Validates and maintains incident response plans and processes to address potential threats
- Responds to computer security incidents according to the computer security incident response policy
- Experience with Incident Handling, Threat Intelligence, Security Architecture and Design
- Experience with a major ticketing system and a SIEM portal and/or reporting systemDetailed knowledge of security technologies and trends
- Understanding of Firewalls, Intrusion Detection Systems, Security Information and Event Management (SIEM), Data Loss Prevention (DLP), Web Application Firewalls, Advanced Malware Defense Appliances, DDOS Prevention, Application Whitelisting, and Network Packet Capture Solutions.
- Excellent organizational, verbal and written communication skills
- Ability and willingness to travel occasionally to other West Monroe offices
- Bachelor’s degree in Computer Science, MIS, or equivalent
- CISSP, CEH, SANS GIAC series and other certifications that demonstrate a commitment to continued professional information security advancement are expected, but not required
- Experience with Information Security Compliance Frameworks like HIPAA, SOX, ISO 27001, ISO 27005, NIST 800-53, NIST 800-30, PCI DSS and GDPR is desired.
- Experience with eSentire security tools
- Ability to read/translate IDS/IPS, syslog & firewall logs, rules and configurationProject management experience preferred
- Previous consulting experience and strong soft skills (active listening, problem solving, conflict resolution, etc.)