Mercury InsuranceRemote
Director, Associate Information Security
Florida, United States of America
Full Time
2 hours ago
$107,344 - $300,603 USD
Visa Sponsor
Key skills
DNSJavaSwitchingTCP/IPUnix.NETAILeadershipOWASPPenetration TestingNetwork SecurityFirewall
About this role
Role Overview
- Lead our information security monitoring and response posture through 24x7x365 monitoring, detection, and response
- Drive our DevSecOps Security Operations Center built on low-false-positive alerting, automated response, and AI
- Act as an information security architect for supporting the information security program within IT and business initiatives
- Management and leadership of Information Security personnel
- Provide Information Security subject matter expertise and security consulting to IT projects and initiatives using information security standards, best practices, and approaches, with an emphasis on application security
- Develop Information Security requirements across the enterprise for data protection, network protection, and application protection and compliance with regulatory requirements for protection of information
- Conduct threat analysis for systems or applications including analysis of current and known security exposures, planning for remediation of exposures, staged and planned penetration testing, vulnerability assessment, and analysis of results
- Conduct research on best practices, emerging technologies and threats as it relates to Information Security
- Act as subject matter expert on security related control testing, control remediation and incident response
Requirements
- Bachelor of Science Degree in Information Technology or equivalent professional experience
- CISSP certification or equivalent is highly desirable
- SANS certifications or equivalent are desirable
- CISA or additional security certifications are desirable
- Minimum: 22
- 25+ years of work experience in multiple fields of Information Technology with an emphasis on Information Security
- 12+ years of this experience, directly in the Information Security field
- 5+ years experience in a leadership/management role directly leading people
- Available to be on-call in support of leading a 24x7x365 SOC environment
- Working experience with Intrusion Detection, Firewall Monitoring, System Monitoring
- Working experience and ability to conduct application / system Penetration Testing / OWASP using industry standard tools
- Extensive knowledge of Security Policy, Standards, Guidelines, and Process Development
- Detailed knowledge of secure architectures and their design
- Experience in an Commander role in security Incident Response processes
- Detailed knowledge of web application development (Java, .Net, Secure configurations)
- Working experience collaborating with development teams to understand and remediate application security vulnerabilities
- Working experience and ability to conduct network vulnerability testing and remediation
- Working experience and ability to conduct Threat Analysis
- Strong knowledge of Virus, Worms and Other Malware (Prevention/Detection) and Incident Response
- Strong knowledge of Encryption / Tokenization / Key Management
- Strong knowledge of access control technologies
- Excellent knowledge of Operating systems and platforms (UNIX, Windows, Virtualization, etc.)
- Working knowledge of network security (Routing, switching, TCP/IP, DNS, Architecture, WLAN)
- Working knowledge of state privacy laws and the PCI DSS
- Ability to work with all levels of personnel within the IT department and departments external to IT, in a dynamic and challenging environment
- Must consistently maintain a professional demeanor/attitude with all levels of management, employees, customers, and vendors to accomplish organizational goals; take action that respects the needs and contributions of others; take responsibility for actively participating and contributing to team efforts; acts as team facilitator when appropriate
- Ability to communicate complicated concepts to both management and technical staff and thrive in a cross-functional matrix environment
- Must be self-motivated and capable of working with minimal supervision and/or direction, and proactively manages their own workload
- Must be accountable and take direction from supervisor, follow work rules, and keep required work schedules, which include regular and predictable job attendance
- Well-balanced interpersonal skills are required
- Knowledge of security technologies and their alignment into compliance controls.
Tech Stack
- DNS
- Java
- Switching
- TCP/IP
- Unix
Benefits
- Competitive compensation
- Flexibility to work from anywhere in the United States for most positions
- Paid time off (vacation time, sick time, 9 paid Company holidays, volunteer hours)
- Incentive bonus programs (potential for holiday bonus, referral bonus, and performance-based bonus)
- Medical, dental, vision, life, and pet insurance
- 401 (k) retirement savings plan with company match
- Engaging work environment
- Promotional opportunities
- Education assistance
- Professional and personal development opportunities
- Company recognition program
- Health and wellbeing resources, including free mental wellbeing therapy/coaching sessions, child and eldercare resources, and more