Information Security Engineer
Today’s Best Western has been on a journey of incredible transformation, elevating our brand image, improving the guest experience and enhancing our organizational culture. Today, this culture of modernization and innovation is embraced by our more than 1,000 corporate employees, many of whom have stayed with Best Western for 10, 20, even 30+ years. We are proud to have created a work atmosphere that provides an exciting, fun and rewarding place to work every day.
- As an Information Security Engineer at Best Western International, Inc., you will lead efforts to ensure that BWI’s network infrastructure and applications are implemented and monitored to the highest security standards.
Essential Job Results
- Perform information security risk assessments for IT projects and consult with Information Security Architects on secure design solutions.
- Advise internal customer groups on secure design recommendations and validate the successful completion of these initiatives.
- Demonstrate working knowledge of core security toolsets used by the Security and Risk team (e.g., Splunk, Tripwire, Nessus, Symantec DLP, Snort, Burp Suite).
- Collaborate with Information Security Architects to apply this knowledge to build solutions that enable BWI to more accurately identify and address security issues.
- Engage with Network, Linux, Windows, Cloud Platform and Business Technology teams to remediate significant findings in a timely manner.
- Research security advisories and threat intelligence sources.
- Evaluate impacts to BWI's infrastructure and advise on appropriate actions to protect the organization's network and systems.
- Execute response procedures to effectively manage security incidents.
- Support year-round compliance with PCI-DSS and other regulatory mandates.
- Enforce Information Security Policies and Procedures.
- Provide leadership and guidance to junior team members in improving their skills at the Analyst level.
- Review findings from security-focused application code scanning tools.
- Collaborate with development teams to implement solutions that address significant findings.
Recommended 5 years’ experience in an Information Security Role, with strong knowledge of vulnerability assessment, SIEM, and intrusion detection methodologies. Or 5 years of System or Network administration and demonstrated knowledge of security principles and concepts.
Education and Certifications
- BS in Computer Science or related field, or equivalent combination of education and experience.
- Security certifications such as SANS (GSEC/GPEN/GWAPT/GCIA/GCIH/GCLD/GWEB/GCSA), CISSP, CISA, Security+ are desirable.
- Hands-on experience with vulnerability scanning, intrusion detection, file integrity monitoring, data loss prevention, and log monitoring solutions. Familiarity with Nessus, Snort, Tripwire, Symantec DLP, and Splunk is desirable.
- Ability to explain common TCP/IP protocols and best practices for secure usage. Demonstrated knowledge of Unix and Windows operating systems.
- Knowledge of Risk Assessment frameworks such as NIST and COBIT. Familiarity with Change Management frameworks such as ITIL.
- Understanding of network security principles, cryptography, role-based access control, application security, and common scripting languages (e.g., Python, PowerShell).
- Experience with credit card and data privacy regulations such as PCI-DSS and EU Privacy Shield.
- Experience with software security assessments using tools such as SonarQube and Burp Suite.
- Cloud technology (AWS, Azure, GCP) experience with understanding of cloud security concepts desired.
- Strong communication skills.
All your information will be kept confidential according to EEO guidelines.