The Cyber Security Sr. Engineer supports the secure design, development, and implementation of cybersecurity technologies, safeguards, capabilities, and applications according to reasonable and appropriate security standards and practices. Considers business need, consumers, infrastructure, applications environments and web services from a security perspective and offers balanced recommendations that serve business needs while reducing unwanted risk.
Strongly prefer candidates who have:
- Experience with Amazon Web Services (AWS)
- Experience with Amazon security controls (GuardDuty, CloudTrail, CloudWatch, IAM, Macie)
- Experience with other cloud security controls for vulnerability scanning, configuration management, patch management, security logging.
• Offer to selected candidate will be made contingent on the results of applicable background checks
• Offer to selected candidate in contingent on signing a non-disclosure agreement for proprietary information, trade secrets, and inventions
• Our policy restricts consideration of applicants needing employment sponsorship (visas) to specialty occupations. Sponsorship will not be considered for this position
• Relocation assistance is available
Specialized Knowledge and Skills Requirements
- Demonstrated experience providing customer-driven solutions, support or service
- Demonstrated experience leading project teams.
- Demonstrated experience performing system and application vulnerability assessments.
- Demonstrated experience programming and scripting for automation or integration.
- Demonstrated experience with application design reviews and threat modeling.
- Solid knowledge and understanding of operating systems including MS Windows, IOS, UNIX, and Linux.
- Solid knowledge and understanding of web application security.
- Solid knowledge and understanding of securitythreats, techniques, and landscape.
- Solid knowledge and understanding of threat and vulnerability management.
- Solid knowledge and understanding of database, network, server, and remote connectivity security.
- This position requires travel up to 15% of the time.
- Ability to participate in 24x7 off hour/on call on a rotating basis.
Additional Job Information:
- Evaluates the impact new or updated systems have on the securityinfrastructure.
- Validates controls are functioning as intended.
- Collaborates with other areas of the company to understand needs, evaluate risks, educate, and offer recommendations.
- Works closely with development teams to encourage security-compatible designs during entire software development lifecycle.
- Manages enterprise security technologies and vendor relationships.
- Leads the implementation, administration, and support of enterprise security solutions and tools. Configures solutions and tools to meet needs.
- Leads the implementation, administration and support of enterprise security solutions that allow for mobility.
- Participates as a subject matter expert on security matters in company projects.
Threat and Vulnerability Management
- Conducts threat research. Keeps up-to-date on potential threats and source of threats.
- May be asked to respond to threats, vulnerability, and breach & Incident Response processes to prevent, detect, respond to and recover from security incidents.
- Prepares reports for management and consults with application development and infrastructure teams.
- Performs assessments through penetration testing and ethical hacking.
- Analyzes securityrisks and recommends mitigating and compensating security controls.
- Executes the securityevent correlation and management process.
- Researches and keeps abreast of testing tools, techniques, and process improvements in support of security detection and analysis.
- Manages and supports the resolution of higher profile and complex incidents and work assignments. Follows the appropriate procedure for the type of incident. Coordinates with Security Compliance for disclosures and notifications.
- Leads and participates as required in root cause analysis and restoration of operational services to respond to computer security incidents or intrusions.
- Conducts security reviews. Looks for weaknesses in system design, implementation, or operation that could be exploited. Ensures the right checks and balances are in place.
- Monitors intrusion attempts. Differentiates false positives from true attempts.
- Monitors digitalchannels for securitythreats. Keeps up to date on potential threats and source of threats.
- Researches and keeps abreast of security tool operation, techniques, and process improvements in support of security detection and analysis.
- Provides support for escalated issues.
- Conducts code reviews. Looks for weaknesses in source code.
Project Security Consulting
- Represent Information Security on department and company projects
- Provide recommendations related to risk mitigations
- Communicate risks to project sponsors
- Supply project deliverables as appropriate