Overview:

MUST have recent e-commerce experience.

Infrastructure (NOC, Network Engineering, Info. Security, DBA, Systems Admin.)

Responsibilities:

Support the strategic direction of security within the company as it relates to: (1) Design and implementation of a comprehensive information security program that is designed to protect the security, confidentiality, and integrity of personal information collected from our customers. (2) Oversee information security on the production site as well as in our office environment. This will include security incident response, patch management, vulnerability assessment, and security appliance management.
Drive the development of security policies, standards, and guidelines throughout the company to ensure a secure infrastructure is in place to protect against external and internal threats.
Develop strategies for addressing new risks to systems and information.
Ensure overall implementations of security controls across company and report on effectiveness.
Assist with evaluation of products and technologies related to design and deployment of secure systems.
Institute education and communication programs to increase security awareness.
Ensure security team thoroughly trouble shoots all security related events in support of 24x7 operations.
Conduct penetration testing and source code review.
Work with the enterprise architecture team to ensure that compliance is built into systems architecture and to identify, evaluate, and select security solutions to meet security/compliance needs.
Maintain a knowledge base comprising a technical reference library, security advisories and alerts, information on security trends and practices, and laws and regulations.
Ability to create and maintain security documentation and best practices for internal and external use.

Qualifications:

E-commerce industry experience required.
Experience working with email vulnerability scans.
Experience with the following: Hardening Core OS, ISO 17799 standards, gateway security appliances, incident resolution and handling including creation, response, closing and tracking, security management of production servers, and vulnerability scanning and management.
TCP/IP protocol, network sniffers, computer/network forensics, VPN, Asymmetric and Symmetric cryptography (e.g., PGP).
Strong troubleshooting skills for resolving various site security issues.
Ability to design and implement disaster recovery procedures.
Strong project management skills.