Principal Engineer - Information Security

About The Position

Requirements

• Education: Bachelor’s Degree in Computer Science, Information Technology or any other related discipline or equivalent related experience.
• Experience: 8 or more years of directly-related or relevant experience, preferably in information security.
• Behavioral Skills: Conflict Resolution
• Creativity & Innovation
• Decision Making
• Assertiveness
• Influencing Skills
• Planning
• Presentation Skills
• Risk-taking
• Technical Skills: Network Solutions and Systems
• Cybersecurity
• Root Cause Analysis
• Information Security Strategy
• Standards (SOX, ISO 27001/27002, COBIT, ITIL, NIST, PCI)
• Advanced Encryption
• Application Architecture
• Identity and Access Management
• IT Risk Management
• Threat Modelling Tools
• Knowledge: Microsoft Office Suite
• Programming and Development Languages - JavaScript, HTML/CSS, Python, SQL
• Security Tools - SIEM, EDR, Email Security Gateway, SOAR, Firewall, Anti-virus, Firewalls, VPN IDS/IPS, AV, proxies, etc.

Nice To Haves

• Preferred Certifications: Azure Security Engineer Certification
• Certified Cloud Security Professional (CCSP)
• Certification in Information Security Strategy Management (CISM)
• Certified Information Systems Security Professional (CISSP)
• CompTIA Security + Certification
• Systems Security Certified Practitioner (SSCP)

Responsibilities

• Analyzes trends, news and changes in threat and compliance environment with respect to organizational risk; advises organization management and develops and executes plans for compliance and mitigation of risk; oversees risk and compliance self-assessments and engages and coordinates third-party risk and compliance assessments.
• Oversees the response to information system security incidents, including investigation of, countermeasures to, and recovery from, computer-based attacks, unauthorized access, and policy breaches; engages, interacts and coordinates with third-party incident responders.
• Analyzes and recommends security controls and procedures in acquisition, development, and change management lifecycle of information systems, and provides oversight to ensure compliance.
• Provides technical leadership of projects involving large-scale, complex and highly analytical tasks.
• Plans and leads upgrades to security measures and tools for the protections of information systems and networks.
• Formulates methodologies to monitor for as well as respond to security related events and assist in remediation efforts of cyber security incidents.
• Provides technical guidance to the network administrators and system administrators, monitors and maintains the current infrastructure, improves system performance, and automates system administration from security perspective
• Provides technical guidance, coaching, and mentorship to other ISO Engineers in executing their tasks & responsibilities
• Oversees the maintenance of service-level agreements (SLAs) to ensure that security controls are upheld
• Leads implementation of enterprise-wide security policies, procedures, and standards across multiple platform and application environments to meet compliance responsibilities
• Interfaces with business and IT leaders communicating security issues and responding to requests for assistance and information
• Develops, refines, and implements security policies, procedures, and standards across multiple platforms and application environments to meet internal and external compliance responsibilities
• Coordinates with other senior technical executives in testing, development, and other IT teams to design, develop and implement security systems that protect company physical and intangible assets effectively
• Reviews technical/functional design documents, build, maintain and implement cybersecurity, data security, and cloud security solutions
• Consults with other business and technical staff on potential business impacts of proposed changes to the security environment
• Provides security briefings to advise on critical issues that may affect the enterprise
• Analyzes and generates insights from the metrics and KPIs gathered for executive review
• Monitors and analyzes emerging cyber threats, vulnerabilities, and exploits relevant to the company’s infrastructure and products
• Works closely with information security and line of business management to identify, formulate and implement information security solutions and controls and to maintain and configure security tooling
• Coordinates with systems and network engineers to ensure servers and network devices conform to security standards and that security devices and controls are working as designed
• Communicates advanced information security concepts with clients, peers, and all levels of management and vendors effectively
• Researches and deploys various tools to help with Cyber Operations, Threat Hunting, Vulnerability Management and Offensive Security, Email Security, Mobile, IoT, Distribution centers and Cloud arenas
• Responds to security alerts and escalates critical incidents to correct support teams and participates in incident response exercises
• Serves as a subject matter expert (SME) for product research and development teams, working closely with software engineers, product management and development, and divisional and corporate information systems

Benefits

• We provide compensation, benefits, and resources that enable a highly inclusive culture and support our team members’ ability to live with purpose every day.
• In addition to traditional offerings like medical, dental, and vision care, we also provide a comprehensive suite of benefits that focus on the physical, emotional, financial, and social aspects of wellness.
• This encompasses support for working families, which may include backup dependent care, adoption assistance, infertility coverage, family building support, behavioral health solutions, paid parental leave, and paid caregiver leave.
• To encourage your personal growth, we also offer a variety of training programs, professional development resources, and opportunities to participate in mentorship programs, employee resource groups, volunteer activities, and much more.