Job Summary
The Information Security Engineer II will play a crucial role in safeguarding the company's assets and ensuring the confidentiality, integrity, and availability of our information systems and data. The Information Security Engineer II will play a pivotal role in the design, implementation, and maintenance of multiple security solutions. In addition, the Information Security Engineer II will work closely with other teams to promote secure designs and practices across the company to mitigate risks and meet business objectives and regulatory requirements.
Physical Requirements
Stand or Sit (Stationary position), Walk (Move, Traverse), Use hand/fingers to handle or feel (Operate, Activate, Use, Prepare, Inspect, Place, Detect, Position), Climb (stairs/ladders) or balance (Ascend/Descend, Work atop, Traverse), Talk/hear (Communicate, Detect, Converse with, Discern, Convey, Express oneself, Exchange information), See (Detect, Determine, Perceive, Identify, Recognize, Judge, Observe, Inspect, Estimate, Assess), Reaching, Repetitive Motion
Function in the Job
Sedentary Work - Exerting up to 10 pounds of force occasionally, and/or a negligible amount of force frequently or constantly to lift, carry, push, pull or otherwise move objects, including the human body. Sedentary work involves sitting most of the time. Jobs are sedentary if walking and standing are required only occasionally, and all other sedentary criteria are met.
Job Function
Security Roadmap – Ability to guide the organization in the development of the Security Program Roadmap.
- Contribute to the development of the Security Program Roadmap
- Develop an understanding of the organizational risk profile, organizational threats, and 3rd party compliance requirements
Security Engineering - Architects and implements security technologies.
- Assist with identifying potential security technologies and researching their capabilities.
- Contribute to the design and implementation of security solutions
- Contribute to identifying migrations / upgrades for end-of-life technologies
- Recommend security improvements to management
- Administer security tools and troubleshoot issues that arise
Threat Management - Ability to understand security threats and their risk to the organization.
- Contribute to the research of new and existing security threats and provide input to their potential risk to the environment
- Understand the anatomy of a breach and provide assistance with investigations
Security Governance - Establish and maintain self-audits, policies, and procedures to provide assurance that information security strategies are aligned with applicable laws and regulations through adherence to internal controls.
- Propose areas for "self-audits" based on security assessments and/or new technology deployments
- Propose security policies or procedures based on security assessments and/or new technology deployments
SUPPLEMENTAL DUTIES
- Serve as technical liaison with vendors
- Pursue training and development opportunities; strive to continuously build knowledge and skills
- Assist personnel in other technology departments to resolve technical and/or application issues
- Participate and assist in the coordination of both internal and external audits
- Other duties as requested
Required Skills
- Bachelor’s Degree or equivalent work experience in a related field required
- 3+ years’ experience in an Information Security role with responsibilities in assessing application and infrastructure architectures for security threats and vulnerabilities, strongly preferred
- Alternatively, 5+ years’ experience in a senior-level network/systems role with a strong focus on security, required
- Must be self-motivated and able to work independently, with minimal supervision and as part of a team
- Hands-on experience with security infrastructures (e.g. Firewalls, IDS/IPS, VPN, Secure Email Gateways, Web Content Filters, Proxies, DLP, SIEM) required
- Solid foundational understanding of networking concepts required
- Professional security management certification, such as an ISC(2) Certified Information Systems Security Professional (CISSP), SANS GIAC Information Security Professional (GISP), CompTIA Security+, CompTIA Network+, highly desirable
- Knowledge and experience with common information security management frameworks and best practices, specifically the National Institute of Standards and Technology (NIST) frameworks and Center for Internet Security (CIS) Critical Security Controls, highly desirable
- Understanding of cloud security concepts (SaaS, PaaS, IaaS), mobile architecture, network and application security and/or data protection, preferred
- Experience implementing security concepts with at least one major IaaS vendor is preferred
- Detail oriented with excellent interpersonal communication skills
- Expected to effectively partner and collaborate with other teams on an ongoing basis
- Strong conceptual thinking and communication skills - the ability to translate medium-complexity business and technical requirements into effective solutions
- Strong organizational skills and ability to multi-task in an enterprise business environment
- Ability to manage/track completion of multiple ongoing projects and remediation tasks
- Proficient technical documentation skills
- Strong written, verbal and presentation communication skills and ability to communicate at all levels within an organization
Compensation Range
The anticipated compensation for this position is USD $119,500.00/Yr. - USD $153,000.00/Yr. depending on experience, qualifications, and location.