Security Engineer

Safe Auto Insurance Company is a property and casualty auto insurance carrier based in Columbus, Ohio. Founded in 1993, we are built on a philosophy of customer service. This means we strive to provide caring, professional, knowledgeable, responsible and dedicated customer service to help make insurance affordable to every driver, no matter what their situation.

The Security Engineer is responsible for supporting the Information Security team and its functions. The Security Engineer is expected to perform quarterly and annual tasks, review security events and reports, perform risk and vulnerability assessments, and administer the systems that the team maintains to secure the environment. Many duties are project-based, and require the Security Engineer to effectively plan, design, and implement projects with minimal oversight.

* Self-educates and continually develops skills around evolving security threats and of new security methods/technologies; * Performs security risk assessments , provides recommendations, and presents findings . * Identifies security requirements for projects and operational changes. * Evaluates and coordinates Information Security awareness and educational programs for all employees. * Monitors and enforces adherence to Information Security policies. * Leads improvement efforts for security policies and procedures. * Assists in improving security for Software Development Life Cycle (SDLC) processes. * Performs both automated and manual web application security testing and exploitation; recommends improvements as needed based on assessment findings. * Assists with internal and external audits including PCI, user audits, and general controls. * Establishes and maintains baselines for threats, vulnerability, and impacts. * Serves as information security consultant to the organization for all departments. * Reviews dashboards, logs, alerts, and reports on a daily basis. * Performs forensics investigations and serves as an advanced responder to security incidents, including tracking and reporting of security incidents. * Develops and maintains vulnerability scan reports for remediation efforts. * Tests accuracy and verifies false positives for vulnerability scan output. * Consolidates and designs/architects firewall environments. * Develops, maintains, and executes on assigned projects and associated project plans. * Manages/configures/maintains the following types of solutions: * Security Information and Event Management system (SIEM) * Firewalls * Intrusion Prevention * Data Loss Prevention * Email Filtering * Web Filtering * Advanced Malware Protection (Threat Emulation/APT Prevention) * File Integrity Monitoring * Forensics Software * Vulnerability Management/Assessment Software * Web Application Scanning Software * Anti-virus Software * Develops hardware/software security hardening templates; evaluates and ensures that systems security meets or exceeds best practice standards. * Implements or coordinates resolution/remediation of all security related issues. * Performs other duties as assigned.

**Competencies and Skills** * Strong working knowledge of Layer 2 and Layer 3 networking, both wired and wireless. * Strong background in firewall administration and support. * Working knowledge of proxies and load balancers. * Experience with the following technologies: * SIEM or log management solutions * Virtual Private Networks (VPNs) including site-to-site tunnels * Intrusion Prevention * Data Loss Prevention * Email Filtering * Web Filtering * Advanced Malware Protection (Threat Emulation/APT Prevention) * File Integrity Monitoring * Forensics Tools * Vulnerability Management/Assessment Software * Web Application Scanning Software * Anti-virus Software * Working knowledge of 2-factor authentication. * Understands cryptography and cryptographic key management. * Familiarity with Linux operating systems. * Strong background with Windows operating systems. * Working knowledge of Active Directory and Group Policy. * Understanding of web servers and web services. * Understanding of database infrastructure and database security. * Familiarity with SIP and VOIP. * Self-motivated and driven technical contributor. * Able to work independently and as part of a team to achieve set goals. * Able to prioritize multiple tasks and quickly change focus to high priority items. * Strong interpersonal, verbal and written communication skills. * Able to plan and execute effective strategies that have led to measurable business growth, significant expense reduction, or improved productivity. * Strong analytical and problem solving skills. * Ability to evolve within a rapidly changing environment. * Experience summarizing and presenting findings and challenges to management. * Familiarity with diagnostic tools and performance optimization tuning. * Ability to assess root issues and provide solutions for the business and to the customer. * Ability to communicate and translate technical language to non-technical customers. * Demonstrates and promotes creativity and innovation. **Education, Certification, and/or Experience** * Bachelor’s degree from 4 year institution, with emphasis in Information Technology, or equivalent work experience is required. * 5+ years of relevant experience in an Information Security role. * CISSP or similar security certifications preferred. **Other Qualifications** Must be available for 24x7 support for security incidents.