Senior Security Engineer

About The Position

Requirements

• At least 5 years’ experience performing applicable cybersecurity duties that demonstrate a strong system and network security engineering background.
• Extensive experience developing and managing traditional security controls and technologies, such as SIEM, SOAR, IDS/IPS, IDAM, EDR/malware/antivirus and native firewall security, in addition to newer offerings such as data integrity controls, data loss prevention, threat intelligence platforms, deception technologies and application controls.
• Experience applying protections for Amazon Web Services (AWS), Microsoft Entra/AD and VMware as well as cloud computing technologies, including software-, infrastructure and platform-as-a-service, as well as public, private, and hybrid environments.
• Network and encryption experience, including virtual private networks (VPNs), IPsec, SSL/TLS, LDAP and public key infrastructure (PKI).
• Experience and understanding of various regulatory requirements and laws, including but not limited to: Payment Card Industry (PCI), Sarbanes-Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA), General Data Protection Regulation (GDPR) and Gramm-LeachBliley Act (GLBA). Additionally, experience with one or more of ISO 27001/2 or NIST. • Adept to executing vulnerability and penetration testing requirements.
• Skilled and experienced with developing technical documentation and diagrams.
• Excellence in identifying and communicating business risk related to cybersecurity.
• Track record of acting with an unyielding commitment to integrity, taking pride in performance, being curious and adaptable, communicating effectively and championing team success.
• Bachelor’s degree in computer science, information assurance, MIS or related field is desired.
• CISSP required.
• Minimum of 5-7+ years of related experience required.
• Working knowledge of and hands-on experience with Windows, Linux and Unix.

Nice To Haves

• CISM, CCSP, CEH, CompTIA Security, SANS GSEC or similar certifications are a plus.
• Proficient with scripting in Python, JavaScript, PowerShell, PHP or Ruby is desired.
• Knowledge of and experience applying compliant solutions for one or more of the following: ISO 27001, NIST, PCI DSS, HIPAA, HITECH, SOX, GDPR, or SOC (1/2/3).
• Familiarity with state privacy laws.
• DevOps background with experience in compliance obligations is a plus.

Responsibilities

• Design, implement, maintain, and improve various security solutions, including but not limited to SIEM, SOAR, IDS/IPS, UEBA, email/communications, endpoint protection, and data security/auditing platforms.
• Analyze environments for compliance with policies, standards, regulations, and security best practices; and recommend and implement refinements.
• Develop and improve monitoring and visibility capabilities of information systems, and act as a technical leader for security incident detection, response, handling, and forensics.
• Conduct threat, vulnerability, and risk assessments to understand and eliminate potential system and network vulnerabilities.
• Implement solutions observing compliance – Health Information Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley Act (GLBA), Payment Card Industry (PCI), Sarbanes-Oxley Act (SOX), etc. – and privacy laws.
• Lead the development and management of Incident Management programs and objectives including conducting security incident response drills and tabletop exercises.
• Perform as a functional cybersecurity subject matter expert across a wide array of operational service domains including change management, supply chain management, and security awareness.
• Respond to and handle service and escalation tickets and handle other duties as assigned. Engineer
• Remain up-to date on skills/knowledge and current on information security topics, trends, events, and developments.