Sr. IT Security Engineer

Information Systems

Coppell, TX

March 18, 2020

   

IT Security Senior Engineer

  

Dallas TX

  

  

What does it mean to be a BrinkerHead? We play like a team, take pride in our culture and seek every opportunity to make people feel special. Life is short. Work happy.

  

  

At Brinker, we connect, serve and give to create the best life for our Team Members, Guests and community. Through our cultural beliefs, Brinker empowers its Team Members to positively impact our 4 Key Results: Engaging Team Members, Bringing Back Guests, Growing Sales and Increasing Profits.

  

  

Brinker International is an equal opportunity employer; we foster an inclusion environment that promotes respect, diversity of thought and success for all.

  

  

Job Summary

  

  

Brinker is seeking an experienced Senior Engineer to be part of the IT Security and Risk Management team. The Senior Engineer will support the implementation and administration of information security policies, practices, procedures, and technologies in order to ensure the protection of networks, systems, applications, and data. This role will be looked to as an information security expert within the organization, helping ensure compliance with all security policies and standards, as well as with industry regulations and laws. This role will also be involved with day-to-day security operations by responding to security events of interest and recommending corrective action by working with IT and non-IT team members.

  

  

Your Key Job Functions

  

  • Provide  security consulting through advice, research, design, project management  services, and technical security expertise for all elements of the  business as part of designing security solutions for existing and new  networks, systems, applications, and business processes.
  • Directly  manage and drive for timely/successful completion of information security  projects and participate on various concurrent project teams that support  business initiatives.
  • Directly  assist in the testing, selection, design, implementation, documentation,  operation, and maintenance of various network and system security  technologies including, and not limited to: authentication, web  application firewalls, network and host firewalls, routers, switches,  VPNs, network and host NAC, network and host IDS/IPS, malware prevention,  etc.
  • Interact with  information security vendors and hold information security vendors  accountable to their technology and services obligations to the  organization.
  • Perform  internal investigations and e-discovery efforts.
  • Routinely  engage the organization’s MSSP and respond to escalations from the MSSP  within the defined SLA.
  • Perform log  collection, correlation, reviews, archival, retention, and monitoring of  automated alerts for items such as, and not limited to: malware alerts,  change detection alerts, rogue wireless network alerts, security system  health alerts, exploit attempt alerts, etc.
  • Work with  the Internal Audit department, Risk Management department, and Legal  department to perform security assessments of ASP’s, hosting providers,  service providers, and development firms that are contracted to  provide various services to the organization.
  • Perform,  document, and present to management security risk assessments around  existing and emerging technologies, business processes, and third party  provided business services.
  • Manage  internally generated SSL certificates and SSL certificates generated by a  managed PKI vendor.
  • Participate  in information security components of system provisioning to, and system  de-provisioning from, the organization’s networks.
  • Participate  and be an integral component of audit, compliance, and regulatory  functions, including and not limited to: Payment Card Industry (PCI) Data  Security Standard (DSS), Sarbanes-Oxley (SOX), emerging state and Federal  privacy laws, and general security auditing.
  • Assist  internal and external auditors as required.
  • Participate  in a vulnerability management program.
  • Manage and  maintain the organizations’ various information security technologies.
  • Participate  in the organization’s incident response plan and perform incident  reporting on an as needed basis.
  • Interface  with management as necessary by providing reports, presentations, and  recommendations.
  • Provide  technical leadership to team members.
  • Develop and  maintain information security policies, standards, procedures, controls,  and their compliance.
  • Constantly  review day-to-day information security operations and identify/implement  efficiency improvements through automation efforts such as scripting and  lean process improvement.
  • Provide cost  effective security improvements to reduce the frequency and duration of  incidents.
  • Must be able  to work outside normal business hours in order to perform diagnosis and/or  implementation of product releases or changes so that normal business  workflow is not interrupted.
  • Analyzes  security incidents and escalation of security events 24×7.
  • Shared  on-call duties will be required in a team environment.

  

  

What You Bring to the Team

  

  • Qualified  and successful candidates will have at least 10 years of IT experience  with at least 5 years of experience working extensively within information  security.
  • College  degree: Computer Science, Information Security, related field, or  equivalent experience.
  • Certified  Information Systems Security Professional (CISSP) certification preferred.
  • Penetration testing/ethical  hacking certification(s) will be considered.
  • Incident  handling and incident response certification(s) will be considered.
  • Working  knowledge with IT security, compliance, and regulatory requirements, such  as: Payment Card Industry (PCI) Data Security Standard (DSS),  Sarbanes-Oxley (SOX), Healthcare Information Privacy Protection Act  (HIPPA), state and Federal privacy laws.
  • Self-starter  and able to work independently.
  • Thought  leader in information security.
  • Demonstrate  ethical behaviors, the ability to recognize and deal appropriately with  confidential and sensitive information, and maintain the highest levels of  confidentiality.
  • Experience  implementing and maintaining information security technologies, such as:  IDS/IPS, malware prevention, database activity monitoring, secure password  repository, multi-factor authentication, SIEM, SPAM prevention, web  content filtering, IdM/IAM, encryption and encryption key management, DLP,  change detection, and vulnerability scanners.
  • Experience  performing vulnerability scanning and penetration testing both at an  application and network layer.
  • Experience  being involved in Incident handling and incident response.
  • Ability to  script via various scripting languages to automate day-to-day information  security operations and tasks.
  • Demonstrate  the initiative to continuously stay apprised of emerging security threats  and the general information security landscape.
  • In-depth  knowledge of TCP/IP: must be able to demonstrate technical understanding  of all layers of the TCP/IP stack, including familiarity with major  application-layer protocols such as HTTP, HTTPS, FTP, SFTP, FTPS, SMTP,  DNS, etc.; must be able to read and understand a packet trace; must be  able to read and interpret network access control lists.
  • In-depth understanding  of a variety of network and application attacks: examples include  DoS/DDoS, buffer overflows, SQL injection, reconnaissance scanning, and  evasive methods attackers use to avoid detection; must be able to  demonstrate a minimum level of familiarity with well-known vulnerabilities  and exploits.
  • Knowledge of  LANs, WANs, SANs, Microsoft Active Directory, Microsoft Windows server and  desktop operating systems, Linux operating systems, web services,  databases, messaging technologies, firewalls/switches/VPN devices,  Cisco routers/switches, web application firewalls, encryption at the  application layer and database layer in conjunction with encryption key  management pertaining to encryption.
  • Strong  organizational and communication skills, both written and oral.
  • Strong  documentation skills, including policy and standards writing.
  • Ability to  take information security best practices and implement them in such a way  that finds a balanced and secure solution that enables business  initiatives.
  • Able to  manage multiple medium to large scale projects simultaneously.
  • Proven  analytical/problem solving ability.
  • Demonstrated  ability to learn new skills quickly.
  • Able to work  and contribute to a team environment.
  • Strong  attention to detail.
  • Work  independently when needed.
  • Strong  customer service skills.
  • Hospitality  or Retail experience a plus.

  

Why Brinker

  

We offer a competitive benefits package including medical/dental/vision, life insurance, paid vacation/holidays, and 401(k) with company match and generous dining discounts. Every team member working at the Restaurant Support Center (aka Brinker headquarters) is eligible for annual bonus potential.

  

  

Our campus includes an onsite gym plus opportunities to increase your wellbeing with onsite Yoga and boot camp programs. Work/Life/Fun balance in a casual and collaborative work environment! Team members enjoy company-wide events and celebrations. Regular volunteer opportunities with our community give back programs

  

  

Check our Careers page for more exciting opportunities! Brinker Careers

  

Join our talent communities! Brinker LinkedIn
 
 
 

  

#LifeisShortWorkHappy
 #brinkerjobs
 #brinkerhead