Sr. Technical Engineer, Information Security (Data Security & Encryption)

About The Position

Requirements

• Bachelor's Degree in Computer Science, CIS, Engineering, Cybersecurity, or a related field (or equivalent work experience in a related field)
• 5 Years of experience in technology system support, software development, or a related field
• 2 Years of experience with information security applications and systems
• 2 Years of experience with Data Security and Encryption
• 2 Years of experience working with key management services (i.e; GCP, KMS, AWS).
• 2 Years of experience working with key controls (i.e; Thales, Entrust, Hashi Corp, Vault).
• 2 Years of experience working with HSMS (Hardware Software Model Systems) or KMIP.

Nice To Haves

• Masters Degree in Computer Science, CIS, Business Administration, or related field
• 4 Years experience working on project(s) involving the implementation of solutions applying development life cycles (SDLC)
• 1 Year of DevOps experience
• 3 Years of experience evaluating entire applications (Container, Infrastructure, host platform) to identify potential threats and vulnerabilities.
• 3 Years of experience in the custom enhancement or development of applications using secure coding techniques to reduce the threat of remote or local vulnerabilities.
• Relevant information security certifications (e.g., CISSP, CISM, CEH, PCI ISA, CRISC, CISA, OSCP, GPen)
• Advanced understanding of information security practices and policies
• 5 Years of IT experience developing and implementing business systems within an organization.
• 5 Years of experience working with defect or incident-tracking software
• 5 Years of experience writing technical documentation in a software development environment
• 3 Years of experience working with an IT Infrastructure Library (ITIL) framework
• 3 Years of experience leading teams, with or without direct reports
• 5 Years experience working with source code control systems.
• Experience working with Continuous Integration/ Continuous Deployment tools.
• 5 Years of experience in systems analysis, including defining technical requirements and performing high-level design for complex solutions
• Experience with Cloud technologies.

Responsibilities

• Serves as a Sr. technical engineer for project teams throughout the implementation and maintenance of assigned information security solutions; defines and oversees the documentation of detailed standards (e.g., guidelines, processes, procedures)
• Support the discovery process to identify data security risks, vulnerabilities, and compliance requirements across the organization.
• Support the design and implementation of a robust data security program encompassing use case identification, customer-managed encryption keys (CMEK), and sensitive data protection mechanisms.
• Develop and implement data security policies, standards, and procedures in alignment with industry best practices and regulatory requirements.
• Collaborate with cross-functional teams to integrate data security controls into existing systems, applications, and workflows.
• Design and implement security monitoring and incident response mechanisms to detect, respond to, and mitigate data security incidents in a timely manner.
• Provide technical expertise and guidance to internal teams on data security best practices, encryption technologies, and secure development methodologies.
• Stay abreast of emerging threats, vulnerabilities, and technologies in the field of data security, and recommend proactive measures to mitigate risks and enhance security posture.
• Participate in vendor evaluations and selection processes to procure security tools, technologies, and services that support the data security program.
• Assists the Information Security team in monitoring security systems, reviewing logs, and managing information security systems.
• Facilitates effective collaboration with other technology teams including Engineering to design and implement remediation solutions.
• Supports the technical evaluation of new security technologies that address both current and future needs based on emerging threats and industry trends.
• Keeps up to date with exploits relevant to the retail sales environment, and research possible preventative measures.
• Solves complex cross-functional architecture/design and business problems; solutions are extensible; works to simplify, optimize, remove bottlenecks, etc.
• Makes recommendations to Business and Technology leadership to ensure alignment of infrastructure applications and data with current and future security standards.
• Responds to escalated security issues for enterprise systems; facilitates advanced diagnosis and troubleshooting when necessary.
• Helps oversee the implementation of hardware and software changes into environments to ensure security requirements are met.
• Provides input into security breach response procedures; leads security breach response activities.
• Leads break/fix activities, escalating problems to senior management and/or vendors as appropriate.
• Completes custom enhancements of applications using secure coding techniques to reduce the threat of remote or local vulnerabilities.
• Evaluates complex application and hosting environments to identify potential weaknesses and provide remediation plans to reduce risk.