Cyber Engineer

About The Position

Requirements

• Bachelor's Degree in cybersecurity or a related field
• 10+ years of professional experience in Application/Software Security, DevSecOps, third-party risk management, or closely related cybersecurity discipline
• Must possess CISSP or equivalent certification
• Understanding of NIST 800-171 and CMMC requirements, or strong understanding of security and compliance concepts related to another framework (RMF, CSF)
• Willingness to respond to incidents outside of regular business hours as needed
• Excellent analytical, problem-solving, and communication skills
• Ability to work effectively both independently and collaboratively
• Ability to mentor junior-level engineers and analysts as needed
• Ability to anticipate and communicate technical risks to program or proposal managers
• Ability to analyze various cyber attacks and assess the impact to information systems
• Must be a U.S. citizen with the ability to obtain and maintain a U.S. Government security clearance

Nice To Haves

• CISSP-ISSAP or CISSP-ISSEP
• Strong understanding of networking architecture
• Knowledge of cloud security concepts, DevSecOps practices, or adversary emulation frameworks
• Prior experience mentoring team members or leading small cybersecurity projects
• Experience in enterprise environments, cloud platforms such as Azure or AWS
• Proficiency in scripting/automation and query languages (SQL, SPL, FQL, KQL)

Responsibilities

• Influences secure API development standards and implementations across multiple platforms
• Adopts security standards for the API lifecycle and disseminates them across development and security teams
• Develops authentication and authorization security requirements to adhere to credential storage, privilege management and authenticity standards; supports role- and attribute-based access control
• Regularly monitors the security community for public-facing security issues as well as to learn new tactics for securing data transmissions and reducing attack exposure
• Attends and participates in application projects and change management committee meetings, including interacting with business units and technical teams to understand what is coming and how projects can be more secure from the beginning
• Focuses on application security that complies with NIST SP 800-171, NIST Risk Management Framework (RMF), and other applicable regulatory or industry standard requirements and privacy laws
• Supervises testing and validation in application security controls across projects
• Builds services and tools to enable developers and DevSecOps Engineers to easily use security components produced by application security team members
• Supports the ability to “shift left” and incorporates security early on and throughout the development lifecycle
• Leverages vulnerability database sources to understand the weakness, probability, and remediation options supplied by vendors as well as workarounds
• Enriches DevSecOps architecture with security standards and best practices
• Partners with teams to define key performance indicators (KPIs) and metrics across business units
• Produces engineering artifacts, building blocks, and deliverables in compliance with SDL Information Systems Engineering Procedure

Benefits

• SDL offers competitive salaries and a comprehensive benefits package.
• Visit our Benefits Page to learn more about what we offer.