Sr. Engineer Cyber Security

About The Position

Requirements

• 5+ years of experience as a security engineer or equivalent
• The ideal candidate will have an in-depth understanding of the NIST based on practical working experience and a functional knowledge of security standards such as NERC CIP, ISO 27001, IEC 62443.
• Solid understanding of the OWASP Top 10, OWASP ASVS, and other security frameworks.
• Proven cyber security experience with Firewall, Cloud, and SIEM tools (e.g., Azure, Secureworks MDR, Synk, Fortinet, KnowBe4, BitSight etc.)
• Expert with manual vulnerability testing, exploit development, and static code analysis, using commercial and open-source penetration testing tools like Burp Suite, OWASP ZAP, Metasploit, SQLMap, etc.
• Excellent analytical and problem-solving skills.
• High level of attention to detail and quality of work product.
• Ability to work independently with minimal oversight and within a team environment.
• Strong organizational skills; ability to accomplish multiple tasks within the agreed upon timeframes through effective prioritization of duties and functions in a fast-paced environment.
• Strong written and oral communication skills, including the ability to present ideas and suggestions clearly and effectively.
• Good judgment, a sense of urgency, and a commitment to high standards of ethics, regulatory compliance, customer service, and business integrity.
• Bachelor's degree in Cybersecurity, Computer Science, or related field

Nice To Haves

• Master's degree in Cybersecurity, Computer Science or other relevant technical discipline
• 5+ years of experience in a security engineer or related role.
• 2-5 years of hands-on penetration testing experience.
• 2-5 years' experience using endpoint security tools to investigate.
• Operational experience with incident response, vulnerability management, network and security monitoring.
• Certification in one or more of the following: CISSP, OSCP, OSCE, GPEN, CEH, Azure, Security+.
• Demonstrated enthusiasm for Information Security (e.g. GitHub repo, blogs, presentations, conference talks, local security association member, participated in free skill-building / hacking challenges - SANS Holiday Hack, HackerOne CTF, HackTheBox, etc.).
• Demonstrated ability to lead and mentor security team members, fostering continuous improvement and collaboration.
• Knowledge of AI security and generative AI systems.
• Knowledge of various security and risk assessment tools.
• Familiarity with networking protocols and components.
• Ability to clearly explain complex security issues to leadership.
• Familiarity with regulatory compliance in the Power Industry.

Responsibilities

• Support Doble Cybersecurity Solutions including performing weekly patch management process, maintain NERC CIP compliance and SLAs, weekly customer calls, and contribute to sustaining the product enhancement.
• Lead security activities within the SDLC including Code Reviews, Threat Modeling, SAST, DAST, & SCA.
• Lead Penetration Testing on Doble products such as Web, Thick, and API applications.
• Conduct periodic security reviews to evaluate the effectiveness of existing security measures.
• Collaborate with internal and external stakeholders to ensure technology solutions meet security requirements.
• Serve as a Subject Matter Expert (SME) for Cyber Security for other Departments queries, recommendations and needs.
• Coordinate with different teams within the organization to ensure software, hardware and network security.
• Respond to and mitigate incidents and security threats, performing digital forensics and incident response when necessary.
• Maintain Cybersecurity policies, standards, and procedures.
• Develop training and guidance materials on security awareness and best practices to other personnel.
• Staying up to date with the latest security threats and trends.
• Manage and/or contribute to additional security projects and tasks as needed.
• Ability to prototype and implement new security tools and technologies.