The Security Engineer develops and coordinates the planning, implementation, and communication of activities to ensure the confidentiality, integrity, and availability of information systems. This role will work collaboratively with multiple cross-functional teams, such as Cloud Infrastructure, Engineering, Operations, and the IT Help Desk, to implement procedures that identify and eliminate threats and vulnerabilities. It requires technical understanding of systems and security; research and data gathering; regular review and update of procedures; and adherence to a schedule of prescribed activities. This position requires exceptional communication and analytical skills, and a high level of product and applications knowledge, detail orientation, and follow-through.
- Draw from a wide breadth of information security principles to assess potential threats and vulnerabilities.
- Establish cross-functional partnerships to collect threat and vulnerability intelligence.
- Manage a system to track the identification, assessment, and resolution of threats identified as potential risk.
- Triage incident response to best leverage resource capacity/capability, prioritize risk, and drive to completion.
- Establish cross-functional partnerships to respond to threat and vulnerability intelligence.
- Research and recommend risk mitigation processes, tools, and personnel.
- Track and report metrics that identify incident and response trends.
- Develop, implement, and adhere to strict compliance policies, procedures, and communication strategies. Inspect and analyze over time.
- Enable successful compliance audits (e.g., SOC, SOX, PCI, BSA, AML) by producing assigned control evidence. Support business relationships with security auditors.
- Use logic, reasoning, and data to identify the strengths and weaknesses of alternative solutions, conclusions, or approaches to problems. Comfortable gathering information and assisting in driving solutions.
- Partner with internal teams to ensure successful security programs that align with compliance requirements. Understand internal processes and actively educate on requirements.
- Other projects and duties as assigned.
SKILLS & QUALIFICATIONS
- Bachelor’s degree in information security, computer science, engineering or related field or equivalent experience required.
- 4+ years’ experience in information security and incident response. Proven ability to develop, communicate, and drive compliance. Advanced technology skills.
- Advanced computer and software engineering skills and experience with documentation, reporting and compliance is a plus.
- Technology experience preferred:
  - Security tools: SIEM (log aggregation, threat hunting, alerting), firewalls, TLS, certificates/SSH keys, AV/Malware, device/user policy, vulnerability scanning, IDS/IPS, FIM
  - Networking concepts: DNS, VNets/subnets, telnet/netstat/tracert, black/white-listing, tarpitting
  - Application concepts: IIS, SQL Server, SFTP
  - Compliance concepts: GRC, PCI, BSA/AML
  - Cloud concepts: Azure Log Analytics, IaaS/PaaS/SaaS, Azure networking, O365, API Key Management, Containers
  - Azure Active Directory: SSO, MFA