JOB SUMMARY:

Under general supervision, the position assesses informational security systems and protects company information systems. Evaluates security systems against industry standards and best practices to identify what needs to be included. Assists during proof of concept and technology evaluation. Assists in recommendation of technology purchases and architectural changes. Collaborates with other technical business units to see project through execution.

KEY RESPONSIBILITIES:

• Assists in coordinating network and application security scans, tests, and assessments to reduce risk around vulnerabilities of information services. Improves security standards and procedures within the organization that support strategic, tactical, and operational objectives on a cost-effective basis.

• Studies and interprets current and past security events to improve security defenses; develops and implements new tools and processes based on findings.

• Researches and analyzes company technical initiatives to mitigate risk.

• Assists in evaluation of new security technology and toolsets to ensure optimal security posture.

• Assisting in setting computer security policies and security awareness programs.

• Participates in audits, analyzes user access for compliance & integration of tools. Implements improvements which eliminates waste from processes and systems.

• Assists in the development, implementation, and enforcement of organization-wide security risk assessment and control standards, policies and procedures.

• Documents security risks and events and subsequent responses.

MINIMUM QUALIFICATIONS:

• Bachelors degree in Computer and Information Science, Computer Engineering, Information Security, Networking, or a related field, or foreign equivalent, or suitable combination of education, experience and training; AND 3 years of experience in Security Operations or Information Technology.

PREFERRED QUALIFICATIONS:

• Bachelors degree in Computer and Information Science, Computer Engineering, Information Security, Networking, or a related field, or foreign equivalent, or suitable combination of education, experience and training; AND 3 years of experience in Security Operations or Information Technology.

• 3 years experience in SOC/Security Engineering including: Vulnerability Management, Application Scanning (DAST and SAST), Application Security Testing, Secure coding as part of SDLC software development lifecycle pipeline; Network Security, Client Security, Server Security, Cloud Security, Email Security, Penetration Testing, Web Proxy, WAF (Web Application Firewall), and Security Vendor Evaluations. Two years' experience using technologies such as: Rapid7 Metasploit, Rapid7 App Spider, Rapid7 Nexpose, Proofpoint, Burpsuite, Sonarqube, JfrogXRay, QRadar, Cisco products, (Umbrella, Stealthwatch, AMP, Intelligent Proxy, Tetration, or ISE.

• AND/OR 3 years experience in GRC including: regulations/security standards such as SOX, PCI, HIPAA, GDPR, CCPA, NIST, CMMC; IT General Controls; Governance, Risk, and Compliance; Risk Assessment, 3rd party risk, and IT Policies. Technologies such as Lockpath, Archer, Workiva, Workday, Maximo

• And/OR 3 years experience in Identity Management including: user administration, security role administration, privileged access, security access audits, and automation. Technologies such as Active Directory, Workday, Maximo, IBM Mainframe

• Certified in Risk and Information Systems Control (CRISC) - Information Systems Audit and Control Association

EDUCATION:

• Bachelors: Computer and Information Science (Required), Bachelors: Computer Engineering (Required)

WORK EXPERIENCE:

• Security Operations

CERTIFICATIONS:

• Certified Ethical Hacker (CEH) - International Council of Electronic Commerce Consultants (EC-Council), Certified Information Systems Security Professional (CISSP) - International Information System Security Certification Consortium (ISC), Microsoft Certified Systems Engineer (MCSE) - Prometric, Security Essentials Certificate (GSEC) - Global Information Assurance Certification (GIAC)

JOB OPENING ID:

• 00478680 Security Engineer I (Open)

“This job description has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications required of employees assigned to this job.

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.”

J.B. Hunt Transport, Inc. is committed to basing employment decisions on the principles of equal employment opportunity without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, persons with disabilities, protected veterans or other bases by applicable law.

At J.B. Hunt, we continuously look for new ways that our people, processes and technology can be used to move freight transportation forward. We hire for entry-level, professional and management roles across several areas, including corporate services, customer service, engineering and technology, operations, sales and more!