Information Security Operations Engineer
Company: Meredith Corporation
Location: Des Moines
Posted on: November 14, 2019
JOB SUMMARY - Major goals and objectives.
The Information Security Operations Engineer position helps protect
Meredith brands and Meredith client brands against various security
risks and attack methods. This individual is a member of the
Meredith IT Security team and works cross-functionally to respond
to threats that may arise against our technology and application
ESSENTIAL JOB FUNCTIONS
Incident Response-Blue Team:
Defend, monitor and respond to security indicators by correlating
and analyzing a variety of application, network and host-based
security logs across various computing environments (on-premise,
cloud, SaaS, etc.) and determine the correct remediation actions
and escalation paths for each incident. Configure, implement, and
optimize security protection and detection capabilities such as
vulnerability scanning, configuration compliance scanning, firewall
reviews, intrusion prevention/detection systems, internet
protection and log management infrastructure. Appropriately
instrument systems and applications to detect and alert on attacks,
and coordinate with security tools and automation to implement
automation for detection, escalation and remediation. Perform risk
analysis of vulnerabilities and threats and evaluate efficiency of
existing protection and detection mechanisms. Evaluate new and
emerging technologies for appropriateness, fit, and functionality
with our current technologies, and the strategic plan. Use
experience and knowledge from attacks to work with our
infrastructure and applications teams to reduce the attack surface
and harden configurations, architectures and data storage
structures. Design, develop and implement automated incident
response methodologies. Conduct incident response exercises and
cyber defense drills to evaluate and improve processes related to
threat detection, incident response, patching and remediation.
Provide information regarding intrusion events, security incidents,
and other threat indications and warning information to teams and
leadership as part of incident response. Author post mortem reports
to be provided to senior leadership following an intrusion or red
team engagement. Creates and maintains a working relationship with
business partners, IT teams, local and federal officials and
Perform threat hunting exercises using threat intelligence,
analysis of anomalous log data and results of historical events and
data to detect and respond to threats. Maintain awareness of new
and emerging security threats. Develop anomaly detection dashboards
and reports to identify potential threats, suspicious activity and
intrusions. Research industry trends, identify ongoing security
threats, analyze new security testing tools, and provide
recommendations on the need and usefulness of services and/or
products. Gather threat intelligence and build, optimize, and
develop systems for effective and efficient security response.
Consult and provide risk management recommendations with cost
analysis based on environment. Develop and design technical
recommendations and execute remediation and mitigation
Security and Compliance Operations:
Performs daily operations and execution of security-related tools,
processes and controls related to security prevention and defense
initiatives. Supports solutions such as network proxies, intrusion
detection/prevention systems, remote access, multi-factor
authentication, security event monitoring, infrastructure and
system hardening, patch deployment and vulnerability management.
Help coordinate and drive remediation of identified risks and
control deficiencies. Serves as technical and functional subject
matter expert across multiple security domains, raising awareness
and communicating security risks within the company. Help lead
incident response and technical investigations, as assigned.
Provide prompt, courteous and professional customer service, and
collaborate with business and technology staff to support Meredith
Corporation objectives. Supports
projects to ensure they are delivering on-time, cost-effective
solutions that meet security and functional specifications.
Effectively communicate security concepts with both technical and
MINIMUM QUALIFICATIONS AND JOB REQUIREMENTS - All must be met to be
Bachelor's Degree in Information Assurance, Computer Science,
Engineering or equivalent education and experience.
Industry certification such as CISSP, CASP, GCIA, GCIH, GPEN, GCFA,
CEH, CISA, CISM is a plus.
Five or more years of experience in Information Security and two
years' experience as a member of a Security Operations Center (SOC)
or investigating security incidents.
Specific Knowledge, Skills and Abilities:
* Working knowledge of IT environments including IT secure
architecture, security technologies, security industry trends and
direction, system and technology integration, audits, internet
security, computer crimes and IT standards, procedures and
* Highly experienced working on Information Security Incidents,
investigation, containment and remediation.
* Experienced working within a fast-paced incident response team
with knowledge of log correlation, forensics, security
vulnerabilities and exploits.
* Experienced deploying security solutions, architecting detection
and response solutions to mature capabilities.
* Deep understanding of threats, threat actors, and indicator of
* Experienced with maturing strategic and tactical aspects of the
Threat Intelligence program.
* Knowledge of the chain of custody process and properly securing
* Understanding of OWASP top 10, SANS top 25, and other attack
* Proficient with various scripting and programming languages.
* Proficient with identification and remediation of security
* Experience performing web application security/penetration
testing in accordance with well-known methodologies.
* Basic knowledge of IT audit and control, governance, asset
management, software licensing, product and vendor evaluation, and
* Working knowledge of IT systems management including change
control, software process improvement, and technical
* Experience with regulatory requirements related to SOX, Privacy
legislation and PCI.
* Working proficiency of various technology tools.
* Ability to work cooperatively and professionally with co-workers,
customers and management.
* Strong verbal and written communication skills in order to
interact effectively at all levels of the organization.
* Self-motivated and passionate about continuous improvement of
security and development practices.
* Problem-solving skills to determine the programming effects on
* Good decision-making skills.
% Travel Required (Approximate): Less than 5%
It is the policy of Meredith to provide equal employment
opportunity (EEO) to all persons regardless of age, color, national
origin, citizenship status, physical or mental disability, race,
religion, creed, gender, sex, sexual orientation, gender identity
and/or expression, genetic information, marital status, status with
regard to public assistance, veteran status, or any other
characteristic protected by federal, state or local law. In
addition, Meredith will provide reasonable accommodations for
qualified individuals with disabilities.
Meredith participates in the federal E-Verify program to confirm
the identity and employment authorization of all newly hired
employees. For further information about the E-Verify program,
please click here: http://www.uscis.gov/e-verify/employees