Senior Cybersecurity Engineer

About The Position

Requirements

• Bachelor's degree in Computer Science, Information Security, or a related field (Master's degree preferred).
• Minimum of 5-7 years of professional experience in cybersecurity engineering or a similar role.
• Experience with network security and networking technologies (TCP/IP, SASE, ZTNA) and with system, security, and network monitoring tools.
• Proven experience with cloud security platforms (e.g., AWS, Azure, GCP) and best practices.
• Strong practical experience with scripting languages (e.g., Python, Bash) for automation of security tasks.

Nice To Haves

• Experience architecting and implementing security programs based on ISO 27001/NIST 800-171 frameworks.
• Experience analyzing and defining threat/vulnerability risk, impact, and likelihood of exploitation.
• Hands on experience with deployment and configuration of modern security stacks including SIEM, EDR/XDR, and IDS/IPS solutions.
• Comfortable with employing IaC tools to implement required security infrastructure in a cloud based environment.
• Previous experience in leading threat hunting initiatives, incident response, and security related items.
• Certified Information Systems Security Professional (CISSP)
• Comptia Security+
• Certified Cloud Security Professional (CCSP)
• GIAC certifications (e.g., GSEC, GCIA, GCIH)

Responsibilities

• Security Architecture and Design
• Design, implement, and manage enterprise-wide security architecture, ensuring alignment with business objectives and regulatory requirements (e.g., NIST, ISO 27001, PCI-DSS).
• Evaluate, recommend, and deploy new security technologies and tools, including SIEM, EDR, SASE, intrusion detection/prevention systems (IDS/IPS), and vulnerability scanners.
• Implement and manage security solutions tailored for a remote work environment, including secure remote access, endpoint security, and data loss prevention (DLP) across distributed endpoints.
• Work collaboratively with the internal Technology team to review internal architecture and provide recommendations for enhancements, improvements, or threat remediation.
• Threat and Vulnerability Management
• Lead efforts in vulnerability assessment, penetration testing, and risk analysis.
• Develop and execute remediation plans for identified vulnerabilities.
• Monitor access and conduct regular security audits and reviews.
• Spearhead communications and coordination with external resources for security evaluations, reviews, and program development.
• Incident Response and Operations
• Act as a lead responder for security incidents, including investigation, containment, eradication, and recovery.
• Develop, maintain, and test the Incident Response plan.
• Manage and operate security tools and platforms, ensuring optimal performance and tuning to minimize false positives.
• Compliance and Policy
• Develop, document, and enforce security policies, standards, and procedures across the organization.
• Ensure continuous compliance with all relevant security regulations and internal policies.
• Collaborate with internal stakeholders and external audit teams on security-related initiatives.
• Mentorship and Leadership
• Provide technical guidance, mentorship, and training to junior cybersecurity analysts and engineers.
• Lead cross-functional projects related to security improvements, policy, and infrastructure.
• Communicate complex security concepts and risks effectively to both technical and non-technical stakeholders.

Benefits

• generous paid time off
• company-covered health insurance
• 5% 401k match
• discounts on all Comfrt products!
• flexibility and collaborative support of a fully remote environment