Senior Cyber Security Engineer

About The Position

Requirements

• Bachelor's degree in Cybersecurity, Computer Science, Information Systems, or equivalent practical experience
• 5–10+ years of experience in cybersecurity engineering, architecture, or related roles
• Attack surface management and external asset discovery
• Penetration testing methodologies and tools
• Vulnerability management programs and tooling
• Experience securing cloud environments (AWS, Azure, or GCP)
• Solid scripting or programming skills (e.g., Python, Bash, Go)
• Experience building or implementing automation in security workflows
• Strong understanding of networking, systems, and application security principles
• Proven ability to work cross-functionally and drive initiatives independently
• Familiarity with frameworks such as: NIST CSF / NIST 800-82 (ICS security), ISO 27001
• Experience with AI/ML in security (defensive or adversarial contexts)
• Familiarity with modern security tooling (EDR/XDR, SIEM, SOAR)
• Familiarity with commercial or open ASM tooling
• Familiarity with commercial OT security tools (e.g. Claroty / Nozomi / Dragos)
• Experience with DevSecOps and CI/CD security integration

Nice To Haves

• Relevant certifications (e.g., CISSP, OSCP, CEH, GIAC) — valued but not required

Responsibilities

• Lead discovery, assessment, and continuous monitoring of external attack surface (domains, IP space, cloud assets, shadow IT)
• Design and implement controls to reduce exposure and improve resilience
• Conduct and oversee penetration testing activities, coordinating third parties and providing augmentation and oversight
• Build and mature vulnerability management programs, including prioritization and remediation workflows
• Design and implement security solutions across network, cloud, and application layers aligning with industry best practice and compliance standards
• Evaluate and integrate tools for threat detection, prevention, and response
• Define and enforce security standards, patterns, and best practices
• Extend attack surface discovery to include OT assets and unmanaged devices
• Improve unified visibility across IT, cloud, and manufacturing environments
• Address shadow OT / undocumented assets
• Identify opportunities to automate security processes (e.g., vuln triage, asset discovery, alerting, reporting)
• Develop scripts, pipelines, or tooling to improve efficiency and reduce manual effort
• Partner with engineering teams to embed security into CI/CD and operational workflows
• Assess and secure third-party access (vendors, OEMs, remote maintenance channels)
• Evaluate risks in hardware, firmware, and software supply chains
• Support SBOM (Software Bill of Materials) and component traceability initiatives
• Assess risks related to AI-driven threats (e.g., automated attacks, deepfakes, adversarial AI)
• Support design and implement defensive strategies leveraging AI/ML where appropriate
• Provide guidance on secure adoption and creation of guardrails for AI technologies internally
• Work closely with infrastructure, DevOps, product, and leadership teams to align on security priorities
• Translate technical risks into business impact for stakeholders
• Lead or influence security initiatives from concept through execution
• Mentor junior engineers and promote a strong security culture

Benefits

• paid vacation time
• paid sick leave
• medical/dental/vision insurance
• life, accident and disability insurance
• tax-advantaged flexible spending and health savings accounts
• employee assistance program
• other voluntary benefit programs such as supplemental life and AD&D, legal plan, pet insurance, critical illness, accident and hospital indemnity
• tuition reimbursement
• transit
• the Applause Program
• employee stock purchase plan
• Sandisk's Savings 401(k) Plan