Develop security control automation software to reduce our attack surface, proactively discover vulnerabilities, and reduce response and recovery times. Optimize security tool deployments and introduce scalable remediation processes across multiple engineering and operation teams. Develop governance and procedures to secure coding practices within the software development lifecycle and augment Development Security Operations (DevSecOps) program with subject matter expertise. Contribute and collaborate with other Trust Office team members across the broad spectrum of Cybersecurity programs, such as Security Operation Center, Threat & Vulnerability Management, and Compliance.
This role is responsible for managing and leading the development, sustainment, and operational alignment of the Security Engineering team; coordinating with companywide engineering and architecture teams are instrumental in building tailored and innovative security software to enhance enterprise cybersecurity.
- Provide technical leadership for team members and colleagues to enable effective and timely delivery of security designs, solutions, tools, practices, and processes across the enterprise.
- Facilitate effective design, development and delivery of technical security solutions that consistently meet industry standards and user requirements.
- Plan, oversee and participate in projects related to all security disciplines, including, but not limited to:o Architecture design reviews and infrastructure hardening efforts.o Application security assessments and SDLC process improvements.
- Build internal applications and procure tools to discover, evaluate and mitigate security vulnerabilities during development and in production.
- Perform deep analysis of systems to understand limitations and weaknesses to identify cybersecurity challenges.
- Stay current on industry developments to identify emerging security technologies, risks and trends to ensure our systems keep pace with security technology and risk landscape evolution.
- Identify opportunities for efficiencies, as well as for improvements in security controls while leading the design and implementation of related improvements.
- Demonstrate technical project management skills, and the capabilities to organize and track own work, and the work of others.
- Maintain the highest level of personal certification, integrity and objectivity, following the company Code of Ethics and NICE inContact policies and procedures at all times.
- Bachelor's degree in Computer science, business information systems, Information Systems Security or related field or equivalent work experience required.
- 8+ years of hands-on experience in cybersecurity, networking, software engineering, and/or systems administration
- 3+ years of engineering management experience, directly managing a team of software/security engineers
- Strong understanding of, and experience with, the full-range of software development lifecycle disciplines. This includes:
- ELK Stack
- API integration with:
- Web Application scanners
- Code Inspection software
- Security Information and Event Management platforms
- Endpoint Detection and Response platforms
- Data Loss Prevention software
- A strong bias towards automation and innovative thinking
- Experience with, and strong knowledge of, modern systems engineering tools, architecture, technologies and best practices
- Extensive experience programming in Python, Angular, C#, .NET, PHP, or similar languages
- Knowledge of web application security principles and experience securing modern, large-scale web environments
- The ability to build cross-functional partnerships with teams outside of security to accomplish security objectives, improve awareness and gain stakeholder buy-in
- Experience with customer identity, security and data privacy, and standards and technical protocol implementations are critical
- Excellent communication skills, both written and oral
- Certifications in information security or related field (one or more preferred):
- AWS Certified Developer
- Certified DevSecOps Engineer
- Experience managing a team of direct and indirect reports in multiple geographic locations.
- Extensive experience engineering applications on top of cloud IaaS environments
- Working knowledge of runtime application self-protection and security automation controls within the SDLC.