The U.S. Pharmacopeial Convention (USP) Senior Security Engineer in Rockville, Maryland
Senior Security Engineer
The Senior Security Engineer serves as key individual contributor on the Information Technology (IT) Security team. As part of the IT Security team, the Senior Security Engineer will help support USP’s global public health mission by protecting critical computing assets, securing sensitive data, and working with the Global IT teams to provide security monitoring and incident response.
The Senior Security Engineer is responsible for implementing, monitoring, and supporting security-focused systems. Other responsibilities include: ensuring systems and networks have adequate security to prevent unauthorized access; working as part of the security operations team for USP; developing metrics and reports to share with system owners and administrators regarding the efficacy of security controls and policies; and the creation and maintenance of security documentation. In addition to the tactical operational duties, the position will also engage in projects to implement new technologies and to enhance organizational security capabilities.
Roles and Responsibilities
Engineer, implement, and monitor security controls for the protection of global computer systems, networks, and information
Identify, recommend, and implement appropriate technical solutions to mitigate security vulnerabilities, monitor for malicious activity, and automate repeatable tasks
Management, configuration, and administration of commercial firewall products such as Palo Alto, Cisco ASA, or Checkpoint
Deployment, maintenance, and operational use of security systems, including intrusion detection systems, anti-virus software, authentication systems, log management, content filtering, and related technologies
Coordinate and support the implementation of security controls across the global USP sites
Provide guidance and implement security controls for cloud-based infrastructure and services
Identify and define system security requirements
Prepare and document standard operating procedures
Configure and troubleshoot security infrastructure devices
Identify and implement security orchestration and automation cases
Perform security monitoring and incident response
Write comprehensive reports including assessment-based findings, outcomes and propositions for further system security enhancement
Collaborate with other IT groups to address operational issues
Other duties as assigned
Bachelor’s degree in Information Technology or a relevant field required
3-5 years of experience in IT security for a mid-large size organization
Equivalent combination of education and relevant experience may be considered
GCIH, GCIA, GMON certifications preferred
Proficiency at the command line for both Linux and Windows environments
Proficiency with scripting in one or more of the following: PowerShell, Python, bash
Proficiency with vulnerability scanning tools such as Nessus
Proficiency with Intrusion Detection Systems such as Snort or Suricata
Experience supporting Security Onion deployments
Experience in performing data analysis using tools such as Splunk or Elasticsearch/Kibana
Familiarity with the NIST Cybersecurity Framework (CSF), the CIS Critical Security Controls, the Mitre ATT&CK framework, and similar security resources
Familiarity with web related technologies (Web applications, Web Services and of network/web related protocols
Experience implementing security controls for information systems
Problem solving skills and the ability to work under pressure
Ability to produce quality documents, procedures, reports, and other written documentation
Excellent communication skills
Experience handling multiple projects simultaneously in a dynamic, deadline-oriented environment with ability to reach decisions in a timely manner
Demonstrated analytical skills to critically evaluate the information gathered from multiple sources, reconcile conflicts, decompose high-level information into details, abstract up from detailed information to a more general understanding
Able to work flexible hours when needed. In addition to normal business hours of 8:30 a.m. 5:00 p.m. Monday through Friday, serves on a team to provide 24 hour a day, 7 days a week response to emergency alarm calls and can be available on short notice to support requests during unusual hours, especially early or late in the day during the business week.
USP offers an impressive benefits package , including:
Generous paid time off – 13 paid holidays, 10 sick days and 15 vacation days per year to start
An annual 401(k) contribution, beginning after 1 year of service, of 10% of pay (base and bonus) every pay period that vests immediately
Comprehensive individual and family healthcare plans with affordable premiums and low annual deductibles ($250/individual or $500/family)
The U.S. Pharmacopeial Convention (USP) is a scientific nonprofit organization that sets standards for the identity, strength, quality, and purity of medicines, food ingredients, and dietary supplements manufactured, distributed and consumed worldwide. USP’s drug standards are enforceable in the United States by the Food and Drug Administration, and these standards are used in more than 140 countries.
Being a part of USP means belonging to a diverse culture made up of more than 1,000 talented professionals working together at five international locations. We share our expertise in science, IT, human resources, quality assurance, communications, administrative management, and more...all to support an overall mission dedicated to making a difference by providing standards and programs that help improve the quality of medicines, dietary supplements, and foods worldwide.
USP is proud to be an equal employment opportunity employer (EEOE) and affirmative action employer. Employment selection and related decisions are made without regard to sex, race, age, disability, religion, national origin, color, veteran status, sexual orientation, gender identity or any other protected class. We are committed to working with and providing reasonable accommodation to individuals with disabilities.
USP does not accept unsolicited resumes from 3rd party recruitment agencies and is not responsible for fees from recruiters or other agencies except under specific written agreement with USP.
Rockville, Maryland, United States
Job Category Information Technology