Information Security Engineer - Virtual
Best Western Hotels & Resorts is a leading, global hospitality network comprised of three hotel companies, including WorldHotels® Collection, Best Western® Hotels & Resorts and SureStay Hotel Group®.
As an Information Security Engineer at Best Western International, Inc., you will lead efforts to ensure that BWI’s network infrastructure and applications are implemented and monitored to the highest security standards. ?
Essential Job Results
Perform information security risk assessments for IT projects and consult with Information Security Architects on secure design solutions. Advise internal customer groups on secure design recommendations and validate the successful completion of these initiatives. Demonstrate working knowledge of core security toolsets used by the Security and Risk team (e.g., Splunk, Tripwire, Nessus, Symantec DLP, Snort, Burp Suite). Collaborate with Information Security Architects to apply this knowledge to build solutions that enable BWI to more accurately identify and address security issues. Engage with Network, Linux, Windows, Cloud Platform and Business Technology teams to remediate significant findings in a timely manner. Research security advisories and threat intelligence sources. ?Evaluate impacts to BWI's infrastructure and advise on appropriate actions to protect the organization's network and systems.? Execute response procedures to effectively manage security incidents.? Support year-round compliance with PCI-DSS and other regulatory mandates. Enforce Information Security Policies and Procedures.? Provide leadership and guidance to junior team members in improving their skills at the Analyst level.? Review findings from security-focused application code scanning tools. ?Collaborate with development teams to implement solutions that address significant findings.
Recommended 5 years’ experience in an Information Security Role, with strong knowledge of vulnerability assessment, SIEM, and intrusion detection methodologies. ?Or 5 years of System or Network administration and demonstrated knowledge of security principles and concepts.
Education and Certifications
BS in Computer Science or related field, or equivalent combination of education and experience.
Security certifications such as SANS (GSEC/GPEN/GWAPT/GCIA/GCIH/GCLD/GWEB/GCSA) CISSP, CISA, Security+ are desirable.?
Hands-on experience with vulnerability scanning, intrusion detection, file integrity monitoring, data loss prevention, and log monitoring solutions. ?Familiarity with Nessus, Snort, Tripwire, Symantec DLP, and Splunk is desirable.
Ability to explain common TCP/IP protocols and best practices for secure usage. ?Demonstrated knowledge of Unix and Windows operating systems.
Knowledge of Risk Assessment frameworks such as NIST and COBIT. ?Familiarity with Change Management frameworks such as ITIL.
Understanding of network security principles, cryptography, role-based access control, application security, and common scripting languages (e.g., Python, PowerShell).
Experience with credit card and data privacy regulations such as PCI-DSS and EU Privacy Shield.
Experience with software security assessments using tools such as SonarQube and Burp Suite.?
Cloud technology (AWS, Azure, GCP) experience with understanding of cloud security concepts desired.
Strong communication skills.
Exhibits personal characteristics and professional standards that serve as a role model for others.
May provide guidance and serve as a technical resource to less experienced staff.
Simplifies complex processes and organizes people and activities to get things done.
Full functional and technical know-how to meet professional standards and succeed in the job.
Keeps functional and technical skills current.
Conveys and obtains information both internal and external to the department.
Shares new concepts and approaches with others.
Uses written verbal or electronic skills to communicate effectively with a variety of levels in the organization, including those less familiar with computing terminology.
Uses rigorous logic and methods to solve technically complex problems.
Uses a wide degree of creativity and latitude to analyze and resolve problems.
Best Western Hotels & resorts offers a different kind of work atmosphere, a place where everybody pulls together around a common goal. In fact, helping one another is at the heart of our organization, which began as an informal referral system in 1946 among member hotels focused on the idea of "member helping member." Today, our more than 1,000 corporate employees carry on that tradition of helping members - and each other - succeed.