Lead Engineer, Information Security
About The Position
The primary purpose of this role is to provide consultation and technical direction to engineers focused on supporting the design, implementation and ongoing operation of information security tools and services. This includes providing expert direction for effectively translating business requirements and functional specifications into robust enterprise security software solutions that ensure information assets are adequately protected with acceptable levels of control. This also includes facilitating successful monitoring, testing, and evaluation of security assessments of systems and leading the design and implementation of remediation solutions. To be successful, the individual in this role must have advanced knowledge of security practices and tools related to identity and access management along with enterprise digital certificate management systems. This role serves as a technical expert for project teams that establish and maintain programs that enable the business to operate efficiently and remain in compliance with regulatory and industry best practices.
Requirements
- Bachelor’s degree Computer Science, CIS, Engineering, Cybersecurity, or related field or equivalent years of experience in lieu of education requirement, if applicable
- 7 years Experience in technology system support, software development or a related field
- 5 years Experience with information security applications and systems
- 4 years Experience evaluating complex application and hosting environments to identify potential weaknesses and provide remediation plans to reduce risk
- 5 years Experiencing designing complex application and infrastructure systems
Nice To Haves
- Master’s degree Computer Science, CIS, Business Administration or related field
- 6 years Experience working on project(s) involving the implementation of solutions applying development life cycles (SDLC)
- 3 years DevOps experience
- 1 year Experience with Cloud technologies
- 4 years Experience designing application pipelines with secure configuration parameters to remove or reduce known threat vectors
- 5 years Experience working with diverse application and infrastructure environments to identify and provide technical guidance on threat reduction at both the application and supporting infrastructure layer
- 6 years IT experience developing and implementing business systems within an organization
- 6 years Experience working with defect or incident tracking software
- 6 years Experience writing technical documentation in a software development environment
- 4 years Experience working with an IT Infrastructure Library (ITIL) framework
- 4 years Experience leading teams, with or without direct reports
- 6 years Experience working with source code control systems
- Experience working with Continuous Integration/ Continuous Deployment tools
- PCI ISA
- CRISC
- OSCP
- GPen
Responsibilities
- Drives the strategic design, development, and optimization of advanced cybersecurity platforms, harnessing expert-level scripting methodologies and custom code development to uphold the highest standards of security infrastructure and resilience
- Serves as a technical expert for project teams throughout the implementation and maintenance of assigned information security solutions; defines and oversees the documentation of detailed standards (e.g., guidelines, processes, procedures)
- Educates others on current architectural standards and guidelines to drive efficiency in the design and implementation of information security solutions
- Resolves complex problems spanning multiple applications to drive overall improvements in security across systems and applications
- Identifies, reports, and leads technical support activities during information security incidents as part of an Incident Response Team; reviews and responds to security alerts to investigate malicious activity
- Leads the technical evaluation of new security technologies that address both current and future needs based on emerging threats and industry trends
- Keeps up to date with exploits relevant to the retail sales environment; researches possible preventative measures
- Solves complex cross-functional architecture/design and business problems; solutions are extensible; works to simplify, optimize, remove bottlenecks, etc.
- Mentors and advises others, sharing an in-depth understanding of company and industry methodologies, policies, standards, and controls
- Makes recommendations to Business and Technology leadership to ensure alignment of infrastructure applications and data with current and future security standards
- Responds to escalated security issues for enterprise systems; facilitates advanced diagnosis and troubleshooting when necessary
- Provides input into security breach response procedures; leads security breach response activities
- Leads break/fix activities, escalating problems to senior management and/or vendors as appropriate
- Analyzes the output of industry standard cybersecurity tools and identifies remediations to reduce risk and exposure of applications
- Completes custom enhancements of applications using secure coding techniques to reduce the threat of remote or local vulnerabilities
- Evaluates entire applications (Container, Infrastructure, host platform) to identify potential threats and vulnerabilities
- Evaluates complex application and hosting environments to identify potential weaknesses and provide remediation plans to reduce risk
- Designs application pipelines with secure configuration parameters to remove or reduce known threat vectors
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
Number of Employees
5,001-10,000 employees
