
OCLC, Inc.


Principal Info Security Engineer (Information Technology)



You have a life. We like that about you.

At OCLC, we believe you'll do the best work of your life when you're living the best life possible.

We work hard to build the technology that connects thousands of today's libraries. But we also work hard to make a job at OCLC a meaningful part of a balanced life, not a substitute for one.

Technology with a Purpose. OCLC supports thousands of libraries in making information more accessible and more useful to people around the world. OCLC provides shared technology services, original research and community programs that help libraries meet the ever-evolving needs of their users, institutions, and communities. With office locations around the globe, OCLC employees are dedicated to offering premier services and software to help libraries.

The Job Details are as follows:

Functional management for security controls in the production and non-production environments globally, especially as they relate to application development.

Responsibilities:

• Manages and enhances OCLC's information security test and evaluation program, including management of ongoing vulnerability and secure configuration deviation identification, and coordinating remediation activities with system, application and process owners, especially as they relate to application development.

• Leads OCLC's computer incident response practices including incident management, coordination, analysis and investigation of potential security events.

• Leads OCLC's application development security program as it relates to incorporating the appropriate controls into the software development process.

• Analyzes & assists the development and interpretation of information security and security operations processes and requirements. Translates requirements and designs to assist operations.

• Analyzes & assists the translation of the Security Architecture to implementable patterns and other artifacts.

• Analyzes & assists the translation of Compliance artifacts like policies into implementable artifacts like guidelines.

• Coordinates with security control owners to assist in the implementation, review and improvement of OCLC's operational security controls.

• Works as a change agent within OCLC by promoting good information security practices. Seeks consensus when possible but drives results and maturity through leadership and collaboration with infrastructure and operational technology teams.

• Follows and implements all security configuration management processes and suggests improvements as they pertain to their work unit.

• Formulates and implements monitoring policies, procedures and standards relating to information security.

• Promotes OCLC's ISO/IEC 27001 program and the Secure SDLC, as they pertain to their work unit, and continually seeks improvements to operational procedures.

• Leads development of OCLC security hardening standards in compliance with all relevant ISO and NIST standards.

• Demonstrates good technical writing skills including ability to write clear, concise project documentation and ability to draw Visio configurations. Requires good verbal communication skills and the ability to interact with other organizations within OCLC.

• Participates in the analysis and implementation of 3rd party security solutions for OCLC applications with the ability to understand the impact and analyze the risk.

Qualifications:

• Experience consisting of 3-6 years of information security experience across multiple domains

• Industry certifications (CompTIA, ISC2, ISACA) and a Bachelor's degree in a Computer Science-related discipline preferred. A combination of certifications, expertise and education is sufficient

• Familiar with routers and switches, VPN technology, network load balancers, network monitoring and analysis tools, such as Advanced Malware Detection Systems and IPS/IDS

• Experienced with relational database management systems and familiar with non-SQL database solutions.

• Experienced in information security incident management

• Experienced with cloud information security requirements and secure service delivery

• Familiar with vulnerability identification tools, specifically Rapid7 InsightVM and Tenable Nessus Professional

• Familiar with Windows and Linux enterprise server and workstation environments

• Demonstrates the ability to successfully implement at least one significant security engineering project

• Works with other areas in implementing significant architectural changes

• Manages multiple projects or sub-projects, at a Project Initiation approved level of up to $20,000-$100,000 using proven project management techniques.

• Shows the ability to analyze and solve problems in existing systems and demonstrate critical thinking

• Shows the ability to self-motivate and solve challenging problems without constant direction

• Demonstrates the ability to work and communicate effectively in a team environment

• Has a working knowledge of standard infrastructure tools (Radius, DHCP, DNS, NTP, SYSLOG, SSH, etc.)

• Demonstrates troubleshooting skills through resolution; understanding the problem from the network, OS, and application levels

• Knowledge of security frameworks such as ISO 27001, NIST 800-53, NIST CSF, etc.

Working Conditions: Normal office environment.

ADA/EAA: The above statements cover what are generally believed to be the principal and essential functions of this job. Specific circumstances may allow or require some people assigned to the job to perform a somewhat different combination of duties.


© 2025 US Diversity