The Sr. Cyber Security Engineer is responsible for designing and securing security infrastructure, ensuring a robust and resilient security posture.
This role implements security controls, deploys new security technologies, and works closely with various stakeholders to minimize business disruption.
This role is primarily responsible for the administration of security tools, implementation of security controls in various areas (cloud services, infrastructure, networks, user endpoints, etc.), and the providing of subject-matter expertise where needed.
Education and Experience
- 5+ years of security industry experience or equivalent skill level.
- Bachelor's degree in a relevant field is a plus but not required.
- Advanced understanding of policy and compliance.
- Familiar with scripting languages such as bash, PowerShell, python, KQL.
- Experience securing an environment.
- Experience with DNS and Active Directory.
- Basic programming skills are a plus.
- Experience with systems administration and network infrastructure is required.
- Previously assessed, developed, implemented, operationalized, and documented comprehensive security technologies and processes.
Responsibilities
- Design and secure security infrastructure to ensure a robust and resilient security posture.
- Perform complex deployments of security technologies.
- Execute information security activities such as vulnerability management, application development security, business continuity, networking, risk management, etc.
- Deploy and manage Security Information and Event Management (SIEM), enabling effective log analysis, threat detection, and incident response capabilities.
- Collaborate with cross-functional teams to integrate security controls and protocols into the client's infrastructure and applications.
- Develop and maintain security documentation, including architecture diagrams, standard operating procedures, and incident response playbooks.
- Understand NIST standards, ISO compliance standards, government standards, how those standards impact business operations, and what organizations must do to meet those requirements.
- Stay up-to-date with emerging security threats, vulnerabilities, and industry trends, and proactively recommend and implement countermeasures to enhance the organization's security posture.
- Provide technical expertise and guidance to clients and internal teams on security best practices, technologies, and regulatory compliance requirements.
- Actively research, evaluate, and drive next-generation security technologies and solutions to solve the organization's needs.
- Strong networking and security knowledge.
- Ability to apply secure system design tools, methods, and techniques.
- Strong interpersonal skills and team-oriented attitude.
- Coachable and able to turn feedback into results moving forward.
- Ability to apply network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
- Superior analytical and critical thinking skills.
- Understanding of how information travels.
- Knowledge of the dark web.
- Familiar with incident response language.
- Well-rounded technical knowledge in Windows, Mac, Linux OS.
- Superior organization, facilitation, and leadership skills.
- Solid understanding of a range of compliance, regulatory, and legal requirements and relevant principles, best practices, and standards across multiple industries (e.g., PCI, SOX, GLBA, CSA, PCI, NIST, ISO, IEEE, FedRAMP, HIPAA, and TCG).
- Knowledge of the MITRE ATT&CK framework and cyber kill chains.
