Security Engineer

SUMMARY

The IT Security Engineer is responsible for performing activities related to the administration,

implementation, improvement, and monitoring of information systems security systems, standards, and best practices. Incumbents will carry out routine to complex assignments in one or more IT security-related areas including server, workstation, application, network, event/incident response, and identity and access management. They will work to ensure systems and staff comply with IT policies and procedures across Gun Lake Casio and will be involved with recommending and implementing changes to the environment that further protect Gun Lake Casino's information and assets.The Security Engineer must possess strong technical knowledge of information systems, security practices, and technologies, the use of established IT security applications, controls/methods, and a working knowledge of Casino industry issues/concerns related to IT security.

ESSENTIAL QUALIFICATIONS

EDUCATION

? A Bachelor's degree in IT or a related field, or an equivalent combination of education and experience is required.

? Certified CompTIA Security+ certification is preferred

? CEH (Certified Ethical Hacker) course is preferred

EXPERIENCE

? Five (5) years of experience in IT

? Two (2) years of experience in IT Security

? Casino experience is preferred

KNOWLEDGE, SKILLS, & ABILITIES

? Must be 21+ years of age.

? Strong working knowledge of computer fundamentals, computer operations, and system administration standards including backup & recovery, security administration, performance analysis & tuning, capacity planning, and hardware and O/S maintenance.

? Familiar with Nessus security scanner.

? Experience with common information security management frameworks, such as International Standards Organization (ISO) 2700x).

? Experience working with Splunk, Network Management tools, Juniper network technologies, related segmentation strategies, and Microsoft patch management (Microsoft Windows Server 2008R2 -2016, Windows 10).

? Knowledge of anti-virus platforms.

? Demonstrated experience in performing detailed assessments and/or implementations of modern information security technologies such as firewalls, virtual private networks (VPN), intrusion detection systems (IDS), intrusion prevention systems (IPS), endpoint security solutions, servers, and other infrastructure solutions (security information and event management (SIEM), federated authentication and authorization, anomaly detection systems, identity and access management, and public and private cloud technologies).

? Proven experience designing, managing, and monitoring in one or more of the following areas: Identity and Access Management, Threat Intelligence, Data Loss Prevention, and PCI Compliance.

? An understanding of regulations and frameworks including National Institute of Standards and Technology (NIST), Payment Card Industry (PCI), and Center for Internet Security (CIS).

? Experience with firewall platforms, review associated logs, and system intrusion testing techniques.

? Experience with PCI compliance preferred.

? Demonstrated organizational skills.

? Must have excellent interpersonal communication skills (written/oral) with the ability to maintain a high degree of confidentiality.

? Must be highly organized and detail-oriented.

? Must meet performance standards including attendance and punctuality.

DUTIES AND RESPONSIBILITIES

? Perform ongoing security procedures, including review of patch compliance, configuration

management, firewall activity, and other system logs, vulnerability (anti-virus, software/firmware

patch) management, periodic system intrusion testing, and investigation of exception conditions

working alongside the Information Security department.

? Monitor and report on compliance with security policies as well as the enforcement of policies.

? Implement controls and configurations aligned with security policies, and regulatory and audit

requirements.

? Manage the security of servers and workstations by implementing upgrades, patches, and updates to operating systems, software applications, and threat protection software; establish group policies and user rights, and disable unnecessary services where applicable.

? Perform security testing and vulnerability analysis of new and existing systems, working to ensure vulnerabilities are mitigated.

? Lead and perform routine, periodic inspections of new and existing systems to ensure security measures are functioning and effectively utilized and recommend remedial measures where appropriate to minimize or mitigate future system compromises.

? Participate in the review, evaluation, and recommendation of security enhancements, tools, and technologies such as anti-malware, anti-phishing, encryption, firewalls, internet filtering, monitoring, and intrusion detection.

? Participate in root cause analysis of critical events for improving preventative and reactive processes.

? Responsible for monitoring security and making a recommendation of security posture at Gun Lake Casino.

? Perform additional duties and projects as assigned by management.

PHYSICAL REQUIREMENTS

? Requires normal, corrective vision range, the ability to see color and the ability to distinguish letters, numbers, and symbols.

? Occasionally lift up to 25 pounds.

? Must be able to sit or stand for the duration of the shift.

? Manual dexterity to operate job-related equipment.

WORK CONDITIONS

Work is typically in an office environment. However, it may be unusually hot, cold, noisy, and may contain second-hand smoke. Some tasks may be performed from a sitting or non-sitting position in a confined area. Performance of job duties will require standing, walking, lifting, reaching, pushing, pulling, and grasping. These tasks include the maintenance and care of assigned areas. Constant contact with fellow Team Members and Guests.

DISCLAIMER AND CONDITIONS OF EMPLOYMENT

The above statements are intended to describe the general nature and level of work being performed by persons assigned to this job. These statements are not intended to be construed as an exhaustive list of all responsibilities, duties, and skills required. All applicants must be able to demonstrate their US work authorization during the employment verification process. The pre-employment process also requires the ability to pass a criminal background investigation, and drug/alcohol test.

INDIAN PREFERENCE

The Match-E-Be-Nash-She-Wish Band of Pottawatomi Indians abides by Native American preference in its hiring and employment policies.

Gun Lake Tribal Gaming Authority reserves the right to make changes to the above job description as necessary.