About the Job:
This Cyber Security Engineer will be a driving force in setting the security and compliance roadmap for the organization. You will be responsible for hands-on design, engineer, configure and integrate system security solutions that provide confidentiality, integrity, availability, authentication, and non-repudiation to meet stated security control objectives.
What You'll Do:
- Work closely with the Director of security operations to understand goals and determine security and compliance requirements.
- Design and implement application and data security solutions to meet business objectives, IT strategic initiatives, corporate and regulatory requirements
- Coordinate with infrastructure and application development project teams to deliver solutions collaboratively, ensuring that corporate security policy, standards and industry best practices are met.
- Drive the selection, POC, implementation and operational deployment of new security technology solutions to ensure the confidentiality, integrity and availability of business data
- Deploy and configure technology, partnering with IT Infrastructure teams and vendor product professional service partners
- Maintain and improve existing security application tool set.
- Deliver and maintain security solutions and process (i.e. vulnerability management, privileged access management).
- Cyber incidents identification and activation of incident response procedures.
- Be an advocate for security and compliance best practices throughout the organization.
- Confirm and document vulnerability and security risks and develop mitigation plans
- Monitor and validate security controls
- Respond to security alerts, incidents and issues
- Ensure security controls meet HIPAA/SOC2 compliance needs and best practices
- Professional certifications in information security management, such as a CISSP or CISM a plus
- Strong familiarity with information security frameworks (e.g. NIST, CIS, or ISO) and experience architecting solutions to meet compliance requirements (e.g. PCI-DSS, GDPR, CCPA).
- In-depth understanding of complex systems such that you can inspire confidence with product development teams and provide technical leadership and engineering practices for the security engineering teams working on building tools and platforms.
- Stay current with developing technologies, emerging threat landscape and predict the impact of changing technologies
- Train and embed security to groups of different disciplines with varying levels of experience
- Deep understanding of security in distributed systems at scale for an engineering organization of >200 developers
- Ability to formulate a clear and actionable plan and execute against it.
- Can successfully work in a fast paced, agile environment with minimal supervision
- Documenting security controls, monitoring and alerting around these controls
- Clear understanding of host operating systems including Linux-focused experience
- Demonstrated best practice usage of security technologies in public cloud environments: Vulnerability scanning and management, SIEM / logging, WAF, security groups and network segmentation, system hardening, incident response and malware prevention
- Problem solving skills and ability to work under pressure in fast paced, customer facing 24/7 production environments
- Self-starter with strong work ethic willing to identify issues and lead them to the conclusion
- Ability to see the big picture and present ideas clearly with demonstrated thought leadership
- Recommend process improvements to ensure system scalability and reliability
- Assist in developing, implementation and configuration of security tooling