Job Description

This position will work to support information security initiatives for Ensign College. It is anticipated that this position will transfer to the responsibility of the Church Education System/Brigham Young University security team at the end of 2024. The Information Security Engineer 4 is a specialist, professional role that functions as a lead engineer in efforts related to threat hunting, integration / automation, network, and system forensics. Additionally, this role performs security assessments, addresses policy and control gaps in security assessments, and establishes an incident response plan for the Ensign College organization. This may also include work with IT portfolios, or other internal departments and organizations, to assist in the review and/or documentation of, and implementation of, controls and practices that meet the defined policies and standards for risk and compliance. This individual works with divine guidance to provide or support technology that furthers the mission of the Church and reflects the eternal impact of the gospel.

• As directed, identifies and documents business risks and helps coordinate remediation of vulnerabilities and threats.
• Identifies, clarifies, and escalates concerns to incident responders where appropriate.
• Facilitates the implementation of risk and compliance programs with periodic guidance from manager.
• Contributes to the creation of IT risk plans that correlate back to policies, standards and controls.
• Make effective use of existing data, logs, configurations, and systems for signs of irregularities and abnormal patterns.
• Assists in the facilitation of IT risk analyses and the creation of risk management processes.
• Assists in the investigation and analysis of technology audit recommendations.
• Monitors and reports on audit remediation efforts.
• Conduct threat and risk assessments of systems within the environment.
• Assist with content that will drive SOC monitoring and detection (use cases, priority, actionable and relevant intelligence).
• Developing core foundational components of the Threat Hunting program.
• Keep up to date on attacker trends, tactics, techniques, procedures.
• Lead in tactical projects as they arise to clarify and respond to identified security risks across technical domains.
• Lead the effort to define business objectives, operational parameters, success metrics and process documentation for a

security program.


Education:

• Bachelor\xe2\x80\x99s degree in related field or equivalent professional experience

Work Experience:

• 8+ years experience in security, privacy, business continuity, compliance, or related field; or 6+ Years relevant work experience and 3+ of the following provable expertise and skills in the following areas: attacker tactics for both enterprise and web systems, incident handling, Continuous Monitoring, Intrusion detection, ADV. Network Forensics, and Incident Response, Host Forensics and Malware, represented by industry standard recognized certificates, I.E. SANS, EC Council, etc.

Demonstrated Skills & Abilities:

• Strong interpersonal and collaborative skills to work effectively as part of a team with ability to influence positive

outcomes in an advisory or consultative role.

• Excellent written and verbal communication skills, including the ability to effectively communicate security and risk-related concepts to technical and non-technical audiences.
• Strong working knowledge of information security practices, trends and technologies.
• Experience with Threat Hunting techniques on both the endpoint and network data.
• Strong understanding of common attack vectors and offensive tools and tactics.
• Understanding of enterprise architectures and large IT environment operations.
• Understanding of common malware types and behaviors and common infection vectors.
• Ability to identify attacker Tactics, Techniques and Procedures (TTPs).
• Experience with statistical/quantitative analysis methods and tools.
• Ability to develop small automation scripts and makeshift tools (Python, PowerShell, Bash).
• Strong findings documentation and reporting skills.
• Effective professional written and oral communication skills.
• Functions equally well in abstract conceptual and architectural work as in detailed technical implementation and configuration work.
• Ability to successfully work on a team.
• Expertise in two or more domains of information security.
• To successfully perform the essential functions of the job there may be physical requirements which need to be met such as sitting for long periods of time and using computer monitors/equipment.

Specific Degrees, Certifications, Licenses:

• One or more industry certifications or additional relevant industry experience

Preferred

• GIAC certification
• CISSP certification

Church employees find joy and satisfaction in using their unique talents and abilities to further the Lord\xe2\x80\x99s work. From the IT professional who develops an app that sends the gospel message worldwide, to the facilities manager who maintains our buildings\xe2\x80\x94 giving Church members places to worship, teach, learn, and receive sacred ordinances\xe2\x80\x94our employees seek innovative ways to share the gospel of Jesus Christ with the world. They are literally working in His kingdom.
Only members of the Church who are worthy of a temple recommend qualify for employment. Apart from this, the Church is an equal opportunity employer and does not discriminate in its employment decisions on any basis that would violate U.S. or local law.
Qualified applicants will be considered for employment without regard to race, national origin, color, gender, pregnancy, marital status, age, disability, genetic information, veteran status, or other legally protected categories that apply to the Church. The Church will make reasonable accommodations for qualified individuals with known disabilities.