Information Security Engineer

Job content

Requisition Number: 49933

Corning is one of the world’s leading innovators in materials science. For more than 160 years, Corning has applied its unparalleled expertise in specialty glass, ceramics, and optical physics to develop products that have created new industries and transformed people’s lives.

Corning succeeds through sustained investment in R&D, a unique combination of material and process innovation, and close collaboration with customers to solve tough technology challenges.

Corning’s Display Technologies segment manufactures glass substrates for active matrix liquid crystal displays (“LCDs”) that are used primarily in LCD televisions, notebook computers and flat panel desktop monitors.

Scope Of Position

The Information Security Engineer will play an integral role in aligning and maintaining the organization’s security strategy and practices. The position will require the ability to effectively translate business objectives and risk management strategies into specific security processes enabled by security technologies and services. This opportunity requires experience performing assessments of vendors for both hardware and software (commercial off the shelf and cloud-based). The ideal candidate will have broad technical experience that compliments their ability to identify deficiencies in physical, technical or administrative controls and capable of providing their technical expertise and guidance to stakeholders to ensure deficiencies are addressed in accordance of the organization’s standards and industry best practices.

Roles & Responsibilities

• Participate in design reviews and new business requirements as needed referencing company policy and standards and ensuring security best practices are employed.
• Liaise with the vendor management team to conduct security assessments of existing and prospective vendors including but not limited to the following:
• Software as a service (SaaS) providers
• Cloud/infrastructure as a service (IaaS) providers
• Managed service providers (MSPs)
• Assesses the providers’ SSAE 16 SOC 1 and SOC 2 audit reports (or alternative sources) for security-related deficiencies and required "user controls" and report any findings to manager and vendor management teams.
• Ability to produce architecture artifacts, such as solution designs, that combine and integrate multiple technologies, from conceptual models to applied architecture.
• Identify and report on risks associated with current or future services.
• Maintain an effective review process for new and existing third-party engagements by the assigned lines of business and monitor third party performance against established benchmarks/contract requirements.
• Initiate and complete special project assignments, special ad hoc reviews or other assignments.
• Partner with business units, operations, technology, risk management and other stakeholders to understand the business environment, evolving business priorities, and obtain key data and information.
• Collect, document, track, follow-up, and report on information security risk exceptions.
• Keep up to date on changes in laws and regulations impacting the line of business through education programs/conferences, trade publications, agency websites and emails.
• Document, track and report all issues, and keep manager and business unit management informed as necessary.
• Document, monitor, follow-up, and report on non-approved use of technical services.
  

Required Skills

• Hands-on experience or strong working knowledge of network technologies such as next generation firewalls, IDS, IPS, WAF, routing, switching, SDN.
• Data loss prevention tools at the network and endpoint layers.
• Cloud services such as: cloud-based email, enterprise file sync and share, cloud access security brokers (CASB), IAAS, PAAS, SAAS, and hybrid implementations.
• Mobile and endpoint: Enterprise mobility management including MDM and MAM; endpoint security – anti-malware, encryption.
• Enterprise security tools such as identity and access management, multi-factor authentication, privileged access management, malware and endpoint protection, threat and vulnerability management, threat intelligence, and security incident and event management tools.
• Knowledge of cybersecurity and privacy principles used to manage risks related to the use, processing, storage and transmission of information or data (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
• Knowledge and understanding of baseline security configuration standards for operating systems (e.g., OS hardening), network segmentation and identity and access management (IAM).
• Encryption: public key infrastructure, key management, cryptography.
• Experience designing the deployment of applications and infrastructure.
• Excellent communication skills to articulate the risks associated with technology choices to technical and non-technical stakeholders.
• Ability to quickly learn, communicate and apply technical concepts to the changing security landscape.
• Be a problem solver and go-getter who strives to meet the objectives of the function and the project.
• Excellent team player who takes initiative and ownership of assigned items to see them through completion.
  

Desired Skills

• Industry certifications: CISSP, CISA, CISM, CRISC, or relevant certifications preferred.
• Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
• Certifications in AWS or Azure environments.
• Experience with Microsoft M365 and related security tools.
• Familiarity with NIST CSF, NIST 800 series, PCI-DSS, ISO 27001, GDPR, SOX, COBIT, ITIL.
• Familiarity with SOC reports.
• Experience working within and securing a DevOps environment
• Experience with Agile methodologies
• Experience with IOT technologies
• Experience in a service-oriented organization serving many stakeholders globally.
  

Education Requirements

• Bachelor’s degree in Computer Science, Information Technology, Cyber Security or related field, or demonstrates equivalent industry experience.
  

Work Experience

• At least 3-5 years hands-on experience with relevant security technologies listed.
• Experience producing architecture artifacts: conceptual and logical architectures, solution technical designs, requirements analysis
• Experience in cloud service provider security assessments and evaluations or implementing cloud services.
• Demonstrated ability to prepare and communicate technical architecture concepts and analyze and defend design choices.
• Experience collaborating with service providers to ensure deliverables meet expectations.