Security Engineer

About The Position

Requirements

• Bachelor’s degree in technology, engineering, computer science, or a related field
• A minimum of 5 years of experience in progressively senior technical roles with responsibility focused on information security processes, products, and projects
• Very strong knowledge in engineering secure systems
• Experience with securing cloud environments (MS Azure)
• Must have excellent documentation, customer-service, listening, communication and problem-solving skills
• Must be able to implement programs, security technologies and solutions to measure and sustain the security posture of large, complex environments
• Professional certifications such as Global Information Assurance Certification (GIAC), Certified Information Systems Security Professional (CISSP), Offensive Security Certified Professional (OSCP), Certified Information Security Manager (CISM) or equivalent experience is essential
• Must have some combination of strong hands-on experience with at minimum 4 or 5 of the following skills or technologies: Identity and access management systems for hybrid environments, Secure coding practices, Systems engineering, Ethical vulnerability research and threat modeling, Windows, UNIX, and Linux operating systems security, virtualization technology security, container security and serverless computing security, Privileged access management systems for hybrid environments, EDR and/or other endpoint protection technologies, Firewall, intrusion protection and intrusion detection systems, Zero Trust system design, Cloud Native Application Protection Platform (CNAPP) systems, Secure application design principles, Data Classification and DLP solutions, Enterprise vulnerability management, including vulnerability assessment, remediation, and reporting, Incident response, Various networking technologies, including subnetting, NAC, DNS, encryption technologies and standards, VPNs, VLANs, VoIP and other network routing methods, Phishing and social engineering

Nice To Haves

• Experience with Agile methods (Scrum) and DevOps practices is an asset

Responsibilities

• Develops technical security requirements for new products, tools and services envisioned for implementation at BCI
• Help and guide projects during solution design phase
• Collaborates and coordinates with application, operations, and product teams to provide guidance on the development of secure product designs that meet security requirements
• Architects, analyzes, and recommends security controls and procedures in business processes related to the use of information systems and assets, and monitors for compliance
• Provides technical leadership, mentoring and coaching to team members and creates a culture of customer-centricity, accountability, and high performance
• Ability to communicate complex security issues and develop security user stories in language that non-technical stake holders can understand
• Ability to deliver and test security solutions in alignment with industry security standards
• Ability to respond to information security issues at each stage of a project’s lifecycle
• Proactively identifies risks and issues and proposes solutions to remove barriers
• Performs validation and tuning of security testing tools to provide accurate and actionable results that drive improvements to BCI’s overall security posture
• Performs security monitoring of solutions and participates as a subject matter expert in security incident response scenarios
• Ensures that all application and infrastructure solutions are stable, secure, and compliant with security standards and policies
• Undertakes special projects or assignments as required
• Ability to document designs as well as produce technical reports in support of security initiatives
• Performs other related duties as required

Benefits

• comprehensive health & dental benefits
• a defined benefit pension plan
• paid time off