At OCLC, we believe you'll do the best work of your life when you're living the best life possible.
We work hard to build the technology that connects thousands of today's libraries. But we also work hard to make a job at OCLC a meaningful part of a balanced life- not a substitute for one.
Technology with a Purpose. OCLC supports thousands of libraries in making information more accessible and more useful to people around the world. OCLC provides shared technology services, original research and community programs that help libraries meet the ever-evolving needs of their users, institutions, and communities. With office locations around the globe, OCLC employees are dedicated to offering premier services and software to help libraries.
The Job Details are as follows:
The Lead Info Security Engineer is responsible for monitoring, developing, and supporting the security infrastructure and other security solutions within the enterprise. The Lead Info Security Engineer is tasked with protecting computer assets by establishing and monitoring technical vulnerabilities and security monitoring tools, such as Intrusion and Malware Detection Tools. This position is also responsible for identifying and responding to security and operational incidents as appropriate. Other duties include configuring security systems, performing advanced maintenance activities, and conducting functions such as vulnerability assessments, penetration testing, and developing and implementing new technologies, policies, and procedures.
Requirements
Leads and enhances OCLC’s information security test and evaluation program, including management of ongoing vulnerability and secure configuration deviation identification, and coordinating remediation activities with system, application, and process owners, especially as they relate to application development.
Leads OCLC’s computer incident response practices including incident management, coordination, analysis, and investigation of potential security events.
Leads OCLC’s application development security program as it relates to incorporating the appropriate controls into the software development process.
Analyzes & assists the development and interpretation of information security and security operations processes and requirements. Translates requirements and designs to assist operations.
Leads efforts to install and implement system patches, service packs and version upgrades as assigned; leads process improvement efforts; familiar with industry best practices; develops and maintains a roadmap for future system improvements; ushers through simple to complex system environment changes.
Assist with implementing aspects of the Information Security Risk Management Program related to identification, measurement, monitoring and reporting on security related risks. Examples include: data classification, security metrics, system risk assessments, third party system risk assessments, etc.
Conducts security vulnerability scans of operating systems and applications, produce reports, and make recommendations for vulnerability remediation.
Supports security awareness by providing orientation, educational programs, and on-going communication.
Plans and recommends security measures to protect an organization's computer networks and systems.
Serves as mentor and support as needed for less experienced Security Analysts.
Qualifications
Experience consisting of 6-8+ years of information security experience across multiple domains.
Industry certifications (CompTIA, ISC2, ISACA) and a Bachelor's degree in a Computer Science-related discipline preferred. A combination of certifications, expertise and education are sufficient.
Attention to detail, ability to organize work, and follow-up skills are critical to the successful performance of position responsibilities.
Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and non-technical audiences.
Ability to prioritize and address multiple projects and meet deadlines is critical.
Demonstrates the ability to successfully implement at least one significant security engineering project.
Works with other areas in implementing significant architectural changes.
Strong troubleshooting and organizational skills.
Has a working knowledge of standard infrastructure tools (Radius, DHCP, DNS, NTP, SYSLOG, SSH etc).
Demonstrates troubleshooting skills through resolution; understanding problem from the network, OS, and application levels.
Knowledge of security frameworks such as ISO 27001, NIST 800-53, NIST CSF, etc.
Working Conditions: Normal office environment.
ADA/EAA: The above statements cover what are generally believed to be the principal and essential functions of this job. Specific circumstances may allow or require some people assigned to the job to perform a somewhat different combination of duties.
