Job Openings Cybersecurity Engineer Security Services

About the job Cybersecurity Engineer Security Services

Principal Engineer Security Services

The Principal Engineer Security Services will play a crucial role in ensuring the ongoing security and protection of our company's information assets. They will be responsible for designing, developing, and overseeing the implementation of cybersecurity solutions to safeguard our systems, networks, and data. The Principal Engineer Security Services manages day-to-day security operations, participates in compliance and audit activities, and will establish and maintain effective security measures. This position requires a strong technical background, exceptional problem-solving skills, and a thorough understanding of security best practices.

Responsibilities:

Cybersecurity Strategy and Architecture:

  • Architect, design, recommend, implement, and maintain security controls, countermeasures, and procedures in acquisition, development, business processes, and change management lifecycle of information systems; provide oversight to ensure compliance
  • Develop and document security policies and processes based on common information security management frameworks (ISO 27001, SOC2)
  • Lead the development of the organization's cybersecurity strategy and provide expertise in creating a secure architecture for IT systems and networks
  • Collaborate with cross-functional teams to ensure cybersecurity measures align with business goals and regulatory requirements

Security Operations and Incident Response:

  • Oversee security operations, including threat monitoring, detection, and incident response
  • Develop and maintain an incident response plan, including procedures for handling security incidents, communication protocols, and post-incident analysis
  • Monitor information systems for security incidents and vulnerabilities
  • Administer and mature Data Loss Prevention and Information Protection policies and solutions
  • Oversee the response to information system security incidents, including investigation of, countermeasures to, and recovery from computer-based attacks, unauthorized access, and policy breaches
  • Work closely with the IT, DevOps, and development teams to identify, assess, and prioritize vulnerabilities across the organization's infrastructure, applications, and systems and ensure security requirements are incorporated into system designs and implementation
  • Lead and coordinate incident response efforts to contain, investigate, and mitigate cybersecurity incidents effectively

Vulnerability Management:

  • Develop and manage vulnerability assessment and penetration testing programs to identify and remediate security vulnerabilities in a timely manner
  • Track and report on the status of vulnerability remediation efforts
  • Consult with internal development teams to anticipate threats, advise on defensive coding strategies and remediate vulnerabilities in software
  • Proactively anticipate and assess potential risks and vulnerabilities in the network and systems
  • Manage security information and event management (SIEM) systems, analyze logs, and detect potential security breaches
  • Perform scans and report on patch compliance of technology systems and applications

Security Compliance and Auditing:

  • Mature and maintain the Information Security Management System (ISMS) and further develop security policies, standards and procedures in support of ISO 27001 certification
  • Participate in internal and external security audits and risk assessments/reviews, including third-party software, service provider, customer, partner, and vendor audits
  • Conduct regular internal security reviews and risk assessments, identify gaps, and recommend appropriate corrective actions


Security Awareness and Training:

  • Promote a culture of security awareness across the organization through the development and implementation of regular training programs, awareness campaigns, and communication initiatives
  • Provide technical information to systems engineering programs, team members and managers to ensure awareness and compliance with industry standard security best practices
  • Provide guidance and training to employees on security best practices, policies, and procedures

Emerging Technologies and Threat Intelligence:

  • Monitor industry trends, technologies, threat intelligence, and vulnerability disclosures to stay informed about new vulnerabilities and emerging threats
  • Educate stakeholders and provide recommendations on integration into the organization's security strategy

Security Documentation and Reporting:

  • Prepare and maintain accurate and up-to-date security documentation, including policies, procedures, standards, controls, and guidelines
  • Prepare regular reports for management on the state of cybersecurity, including risk assessments and key performance indicators (KPIs)
  • Develop and deliver clear, concise, and actionable vulnerability reports and recommendations to various stakeholders, including executive leadership, IT, and development teams


Requirements

  • Bachelor's degree in Computer Science, Information Security, or a related field
  • 5+ years of experience in IT with a focus on IT security
  • Proven experience in information security engineering/administration roles, with a focus on security operations and incident response
  • Deep knowledge and experience with cloud security principles
  • Extensive experience in security operations, incident response, and vulnerability management
  • Certifications such as CISSP, CISM, CISA, or other relevant industry certifications are preferred
  • Strong knowledge of network security principles, encryption, authentication, secure coding practices, access controls, and security technologies (e.g., firewalls, IDS/IPS, SIEM)
  • Demonstrated experience in developing and implementing cybersecurity strategies and architectures
  • Knowledge of relevant cybersecurity regulations, standards, and frameworks (e.g., ISO, SOC, PCI-DSS)
  • Experience in IT system administration, network administration, and security operations
  • Excellent interpersonal and communication skills
  • Excellent problem-solving and analytical skills, with the ability to assess and respond to security threats effectively
  • Experience implementing and maintaining SIEM/Log Aggregator solutions
  • Working knowledge of vulnerability/compliance, patch management, anti-malware, APT, identity, and access control management toolsets
  • Strong knowledge of common vulnerability assessment tools (e.g., Nessus, Qualys, Rapid7) and methodologies
  • Experience with Microsoft and Linux-based environments
  • Knowledge of Azure security and networking configurations