empty

Information Security Engineer I

Seneca Resorts and Casinos

Job Description

Posted on: 
November 25, 2024

Summary and company overview

Job Summary:

Assists in the on-going development of Seneca Gaming Corporation (SGC)’s enterprise information security architecture, information security policy implementation and enforcement, and is responsible for ensuring the confidentiality, integrity and availability of the company’s information assets within a blended information security framework based on published guidance from CIS, NIST, PCI DSS, ISACA (CoBIT) and a pragmatic/risk-based approach. Contributes to the improvement of the security posture for all endpoints. Contributes to the maintenance, monitoring, and support associated with enterprise information security controls pertinent to endpoints and infrastructure. Contributes to the maintenance, monitoring, and support associated with enterprise information security toolsets. Consults with Information Security & Assurance (ISA) and Information Technology (IT) management/teams to verify that appropriate security controls are in place, identify gaps, and facilitate remediation. Assists with guidance, coordination, and support for SGC business units during applicable audits where/when applicable. Acts as primary information security resource on business-driven project teams as directed. Relies on pre-established policies and procedures to perform the functions of the job. All duties are to be performed within the guidelines of the Seneca Gaming Corporation’s policies and procedures, Internal Control Standards, and objectives.

Company Overview:

NA

Responsibilities

  • Works collaboratively within a team of information technology, information security, and information assurance professionals to improve the information security posture across the enterprise.
  • Assists with all Information Security and Assurance governance support, focusing on all aspects of regulatory compliance – ITGC, PCI, and other industry and regulatory compliance requirements.
  • Directly responsible for improving the security posture of enterprise endpoints and for contributing to the improvement of the security posture of the enterprise infrastructure.
  • Acts as an information security resource on business-driven project teams.
  • Responsible for the maintenance, monitoring, and support associated with information security controls pertinent to endpoints to include desktops, laptops, servers, point-of-sale, and mobile devices & for infrastructure to include switch, router, firewall, wireless, VPN, and other.
  • Responsible for maintenance, monitoring, and support associated with established information security toolsets to include endpoint protection, endpoint encryption, network access control, vulnerability scanning, identity and access management, intrusion detection/prevention, web access filtering, central logging, public key infrastructure, and other with a focus on streamlining operations.
  • Responsible for monitoring and reporting of information generated by enterprise information security toolsets.
  • Understands and supports defense-in-depth strategies, addressing any threats to the enterprise infrastructure.
  • Creates, maintains and supports pertinent information security control and solution documentation.
  • Performs vulnerability assessments, documents procedures, and reports findings to management.
  • Participates in and coordinates vulnerability remediation actions with IT, business units, external business partners, and vendor partners.
  • Assists with baseline penetration test tasks and security assessments/audits.
  • Active participant in the enterprise incident response plan.
  • Responsible for contributing to development, implementation, and enforcement of established information security and assurance policies and procedures.
  • Assists with facilitation of all applicable internal control review functions.
  • Assists with facilitation of all applicable audit evidence requests.
  • Assist Information Security Engineer II resources as requested.
  • Keeps abreast of the latest threats and vulnerabilities through independent study, and researches related technologies.
  • All work products must comply with Internal Controls, National Indian Gaming Commission (NIGC) Minimum Internals Control Standards (MICS), Sarbanes-Oxley (SOX), and Payment Card Industry Data Security Standard (PCI DSS) as pertinent.
  • Maintains a working knowledge and practical application of information security and assurance principles and practices as they relate to their job responsibilities. Proactively assesses potential risks within the environment and assists with on-going reviews of internal policies/procedures.
  • Maintains a current understanding of all policy and guidelines regarding information security including the Seneca Gaming Corporation Acceptable Use Policy. Understands and complies with all information security policies and procedures at all times.
  • Provides exceptional customer service to all patrons and communicates in a pleasant, friendly and professional manner at all times. Maintains a professional work environment with supervisors, managers, and staff.
  • Meets the attendance guidelines of the job and adheres to regulatory, departmental, and company policies.
  • Must complete all required SGC Training programs within nine (9) months from commencement of employment.
  • Attend all necessary meetings.
  • Duties, responsibilities, requirements, and expectations pertaining to this job are subject to change as needed. Hours are determined by a 24-hour schedule.

Job Requirements

Required Qualifications:

  • Must be 18 years of age or older upon employment.
  • Bachelor’s Degree in an Information Technology related field.
  • Minimum of three (3) years of work experience in a related Information Technology role is required.
  • Excellent understanding of networking principles including TCP/IP, WANs, LANs, and commonly used protocols/standards.
  • Experience with Microsoft Windows environment, commands, and utilities required.
  • Must be able to demonstrate proficiency in Microsoft Windows and Microsoft Office.
  • Must be able to learn all production applications/systems well enough to understand the security requirements of each and assist as directed.

Preferred Qualifications:

  • Experience in a dedicated information security role for a minimum of one (1) year is preferred.
  • Experience with IT audit processes (e.g. ITGC, PCI) preferred.
  • Some technical certifications (CompTIA Network+/Security+, Microsoft, Cisco) preferred.
  • Experience with IBMi (aka, AS/400, iSeries, System i) environment, commands, and utilities preferred.
  • Experience with information security tools and utilities, e.g., network access control, endpoint protection, detection and response, vulnerability scanning, identity and access management, security information and event management (SIEM).
  • Experience with network and system security practices.
  • Previous experience working in a casino/hospitality environment is desired but not a requirement.
  • Must possess excellent communication and analytical skills.
  • Must be resourceful, utilizing all resources that are available to resolve issues.
  • Must have the ability to resolve problems/conflicts in a diplomatic and tactful manner.
  • Must be able to work with little direction and supervision.
  • Must demonstrate good judgment.
  • Must be a team player with strong interpersonal skills.

Additional commentary

Physical Requirements and Work Environment:

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. The noise level in the work environment is usually moderately loud. When on the casino floor, the noise levels increase to loud. Must be able to work in an environment where smoking is permitted.

  • Must be able to stand, walk, and move through all areas of the casino.
  • Must be able to maintain physical stamina and proper mental attitude to work under pressure in a fast-paced casino environment and effectively deal with customers, management, employees, and members of the business community in all situations.

Summary and company overview

Job Summary:

Assists in the on-going development of Seneca Gaming Corporation (SGC)’s enterprise information security architecture, information security policy implementation and enforcement, and is responsible for ensuring the confidentiality, integrity and availability of the company’s information assets within a blended information security framework based on published guidance from CIS, NIST, PCI DSS, ISACA (CoBIT) and a pragmatic/risk-based approach. Contributes to the improvement of the security posture for all endpoints. Contributes to the maintenance, monitoring, and support associated with enterprise information security controls pertinent to endpoints and infrastructure. Contributes to the maintenance, monitoring, and support associated with enterprise information security toolsets. Consults with Information Security & Assurance (ISA) and Information Technology (IT) management/teams to verify that appropriate security controls are in place, identify gaps, and facilitate remediation. Assists with guidance, coordination, and support for SGC business units during applicable audits where/when applicable. Acts as primary information security resource on business-driven project teams as directed. Relies on pre-established policies and procedures to perform the functions of the job. All duties are to be performed within the guidelines of the Seneca Gaming Corporation’s policies and procedures, Internal Control Standards, and objectives.

Company Overview:

NA

Apply now