The Security Engineer Level 2 at One Step Data, Inc., designs, implements, and maintains security solutions to protect organizational and client assets. This role involves leading projects, managing incident responses, ensuring compliance with relevant regulations (including Arizona's data breach notification laws), and mentoring junior staff to ensure a strong security posture aligned with industry best practices.
Responsibilities
- Design and implement security controls and architectures tailored to each client's unique needs to safeguard data and systems.
- Lead the integration of cybersecurity best practices into development and deployment processes, collaborating with internal teams and clients.
- Help design, implement, and maintain security tools, processes, and policies to ensure client product and system security, ensuring compliance with relevant standards (e.g., NIST, CIS, ISO 27001, HIPAA, PCI DSS).
- Lead vulnerability assessments and penetration testing to identify and mitigate risks, ensuring timely remediation of critical vulnerabilities across multiple client environments.
- Manage incident response processes, coordinate with stakeholders (including clients) during incidents, ensure compliance with Arizona's data breach notification laws, and conduct post-incident reviews.
- Develop and update security policies and procedures; conduct training programs to educate both internal staff and client employees on best practices.
- Manage security-related projects from start to finish; mentor junior security engineers to enhance their skills.
- Monitor network traffic and security alerts for potential threats across multiple client environments.
- Monitor security alerts and events using Security Information and Event Management (SIEM) and other monitoring tools.
- Assist in patch management to ensure systems are updated with the latest security patches for all clients.
- Review and investigate security events to identify vulnerabilities or breaches; communicate findings to clients as necessary.
- Create and maintain regular security status reports for senior management and clients to provide visibility into security posture.
- Support internal and external audits by providing relevant security data and documentation; ensure compliance with regulatory requirements.
- Collaborate with sales and account management teams to assess potential clients' security needs and propose appropriate solutions.
- Implement automation and advanced security tools (e.g., multi-factor authentication, encryption) to efficiently manage security across multiple clients.
Skills, Knowledge & Abilities
- Strong analytical and problem-solving abilities.
- Excellent communication skills, both written and verbal; ability to explain complex security concepts to non-technical clients.
- Ability to work collaboratively in a team environment and with clients.
- Strong interest in learning and growing in the field of cybersecurity.
- Experience with security frameworks (NIST, CIS, ISO 27001).
- Familiarity with cloud security (AWS, Azure, etc.).
- Understanding of common attack vectors and mitigation techniques (e.g., phishing, malware).
- Knowledge of compliance standards relevant to MSP clients (e.g., HIPAA, PCI DSS).
- Experience with automating security tasks and managing security in a multi-client environment.
Preferred Education & Experience
- A Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent practical experience.
- Must have relevant certifications such as CompTIA Security+, Certified Ethical Hacker (CEH), Certified Cloud Advance Security Professional (CASP), SSCP, CISSP or CISM.
- 4 to 6 years of experience in cybersecurity, including at least 2 years as a security engineer; experience in security frameworks (NIST, CIS, ISO 27001) and cloud security (AWS, Azure, etc.).
- Knowledge of network protocols (TCP/IP, HTTP, DNS, etc.).
- Familiarity with firewalls, intrusion detection systems, and vulnerability management tools.
- Knowledge of operating systems (Windows, Linux, MacOS) and basic system administration.
- Experience with common security tools and techniques for identifying and mitigating threats.
- Experience working in an MSP environment or with multiple clients is highly desirable.
- Familiarity with Arizona's data breach notification laws (A.R.S. §§ 18-551 and 18-552) and other relevant state regulations.
