Senior Security Engineer

About The Position

Requirements

• Bachelor’s Degree or equivalent work-related experience in Computer Science, Information Systems, or other Information Technology related field.
• Minimum of 8 years’ of combined Information Technology and Information Security experience, with at least 5 years in a dedicated security role.
• Minimum of 5 years’ experience with regulated environments with compliance requirements (e.g.,NIST,SOC2, PCI DSS, ISO, CIS, HIPAA).
• Minimum of 5 years’ experience leading implementation, optimization, and integration of security technologies across enterprise environments(i.e.Splunk, Tenable IO & SC, ProofPoint).
• Minimum of 5 years’ experience with cloud platforms (AWS preferred).
• CISSP certification is required.

Nice To Haves

• Additional certifications are a plus(i.e.CCSP, AWS-specific certifications).
• Knowledge of AWS monitoring and logging tools such as Cloud watch, Cloud Trail, Security Hub, Guard Duty. etc.is a plus.

Responsibilities

• Take a leading role in securing the systems and data from potential threats or compromise
• Design, implement, and execute systems’ security defenses and capabilities across networks, databases, and internet/web operations
• Develop, implement, and effectively execute the security and monitoring operations
• Investigate security incidents and potential compromises to TCB systems and take actions to protect TCB systems. Utilize forensic best practices to investigate and maintain evidence integrity
• Oversee and enforce identity and access management controls, including privileged access governance, role-based access reviews, and integration of identity systems with enterprise authentication and authorization frameworks
• Consuming and operationalizing threat intel feeds (threat intelligence integration) to create/improve detection rules and make better risk decisions
• Consult on projects, design reviews, threat modeling sessions, and change board process to provide guidance on security architecture, posture, and/or impact as well as to ensure the integrity of new and/or existing business operations
• Continually evaluate TCB systems exposure to existing threats; including but not limited to reviewing security capabilities and provide advice on mitigating controls
• Consult and provide suggestions to management on security related matters
• Produce security metrics, KPIs, and reporting upwards to management or the board
• Stay informed and tuned to security industry trends, potential threats and vulnerabilities
• Research, evaluate, and make recommendations regarding security trends and innovations
• Evaluate system changes across the organization to assess and document the security risk and impact
• Evaluate third-party tools, vendors, or integrations for security risks
• Review and document policies, standards and procedures to maintain compliance
• Evaluate compliance and contractual requirements relative to systems capabilities
• Provide leadership, expertise and solutions on complex initiatives related to security
• Mentor others and may represent management at times
• Takes a leadership role on highly complex projects and provides guidance to less experienced staff
• Operates within TCB’s guidelines pursuant to the Employee Handbook and all Policies and Procedures
• Perform additional duties as requested by Supervisor and/or Management