Senior Information Assurance Engineer

Georgia Lottery is a recognized leader and innovator in the lottery industry and we significantly change the lives of our customers through prize payouts. We also provide educational opportunities for Hope Scholarship recipients, Pre-Kindergarten programs and technical upgrades for classrooms.

Job Summary:

The purpose of this job is to provide overall security engineering expertise in the areas of penetration testing and risk analysis; project management for key initiatives to implement appropriate processes related to security management, planning, and system controls. This position will work within the Information Security department under the IT Governance & Risk Validation program pillar.

Essential Duties and Responsibilities:

The following duties are normal for this job. These are not to be construed as exclusive or all-inclusive. Other duties may be required and assigned.

Perform Application security penetration testing to ensure that GLC services, applications and websites are designed and implemented to the highest security standards.

Provide technical leadership on information security risk mitigation with emphasis on web/application security.

Coordinate vulnerability remediation activities and work with the IT department to mature the patch management lifecycle based on vulnerability management SLA's created by the Information Security department.

Create hardening standards for all IT platform technologies.

Establish and maintain a secure we/applications program that will include identification of appropriate security reviews at key project milestones, training developers on secure coding/development practices and management of tools and services that will enable validation of controls during the design and build phase.

Facilitate corporate wide information security awareness training.

Maintain web application, source code and penetration assessment tools.

Deploy and maintain risk management framework and processes.

Develop and maintain vendor risk management processes.

Perform project risk assessments.

Perform other duties as requested.

Knowledge and Skill Requirements:

Bachelor's Degree in Computer Science, Management Information Systems, Business Administration, or related field required.

5 years experience in Information Security.

3 years of Information Risk assessment experience.

One of the following certifications are required: Certified Information Systems Security Professional (CISSP); Certified Information Systems Auditor (CISA); Certified Information Security Manager (CISM); GIAC certifications and Certified Ethical Hacker (CEH)..

Minimum of five (5) years experience working with the following technologies is required: Active Directory; IPSEC & SSL. VPN technology; Firewalls (Check Point, Cisco); anti-virus technologies; Enterprise Encryption Solutions.

Experience and knowledge of the following technologies preferred: Storage Area Networks; MS SQL. Microsoft Office; Security Information and Event Management (SIEM), IDS/IPS

Must possess strong verbal and written communications skills,

Knowledge of a variety of vulnerability management solutions (Qualys).

Must possess strong project management skills.

Any equivalent combination of education, training, and experience which provides the requisite knowledge, skills , and abilities for this job may be considered.

Benefits:

Fun environment

Competitive pay

Excellent benefits package

Business casual workplace

401k with company contribution