HonorVet Technologies
Cybersecurity Engineer
HonorVet Technologies, New York, New York, us, 10261
Job Title- Cybersecurity EngineerReq Id- 24-118624Duration: 12+ MonthsLocation: New York City, NYOnsite Role
Responsibilities:
Identify areas for architectural, engineering, and operational improvements and to ensure that the security architecture is suitable and supportable Manage and plan the future technical architecture, providing insight into the future of their area of technology to continually improve effectiveness and efficiency.Conduct design and engineering processes to ensure that security architecture solutions maintain the confidentiality, integrity, and availability of information assets.Understand, review, and approve Cybersecurity Reference Architectures and solutions for applying them.Collaborate with technology and business teams to ensure that the implementation of new technologies and security solutions can be supported and that they are in alignment with security architecture, industry best practice, principles of secure design, and business strategies.Revalidate systems to most recent reference architectures to determine gaps, develop and manage programs to align systems to newest standards and reference architectures. Define the appropriate architecture, technical requirements, and standards necessary to address information security needs for the organization. Perform risk assessments of new and existing technology solutions to identify opportunities for improvement, and engineering solutions to adequately mitigate associated risks.Lead the development and implementation of security technology solutions for complex environments and architecture including cross-platform interoperability, including development of baseline infrastructure and application hardening guides based on industry best practices.Define security configurations and operational standards for security systems and applications, including policy assessment and compliance tools, network security appliances, and host-based security systems.Serve as the engineering security expert in application development; database design; network and operating system security design; access and audit control development; and identity management solutions.Develop sets of security principles, technology standards and architectural constructs which guide the solution design, engineering and deployment of IT solutions.Ensure security architecture reviews are conducted for new technology to ensure best practices, document security solutions, and enable common solutions across the enterprise.Determine security requirements by evaluating business strategies and requirements; researching information security standards; conducting system security and vulnerability analyses and risk assessments; studying architecture/platform; identifying integration issues; and preparing cost estimates.Address security requirements within cloud architectures, creating new and evolving security services and standards pertaining to cloud services; consulting with internal and external customers; and developing and documenting strategies, standards, and roadmaps for cloud security components and architectures.
Qualifications:
Must possess active listening, attention to detail, customer service, prioritization, and problem-solving skills.Ability to work independently and strategically.Demonstrated expertise in identifying and analyzing risks and developing effective mitigation strategies.Strong technical knowledge and diverse skillset to understand various technologies, systems, and potential risks.Excellent critical thinking, problem-solving, and decision-making skills.Strong interpersonal, verbal and written communication skills, with the ability to effectively collaborate with both technical and non-technical peers.Proven ability to manage multiple projects simultaneously and prioritize tasks based on urgency and impact.Extensive hands-on experience with related tools.Solid working knowledge of IT domains.Ability to work under pressure and meet deadlines individually and collaboratively. Think logically, assess problems, and be results-oriented.Ability to identify complex business and technology risks and associated vulnerabilities. Prioritize multiple tasks and switch between tasks quickly.Ability to communicate effectively, both orally and in writing, to interact with team members, customers, management, and support personnel (technical and non-technical).Ability to establish and maintain effective working relationships with employees at all levels within the organization, and with both internal and external customers.
Required Experience: (10 Years)
Must possess an expert/highly proficient in deep understanding of technology and cybersecurity domain principles within the context of Operational Technologies, Signaling Systems and Rolling Stock.Expert/Highly Proficient, knowledge of Concepts, principals and design of data security and disaster recovery processes including threat and vulnerability management; access control; network design and management; identity and access management; and data protection and management.Legal and regulatory compliance requirements as they relate to data and information privacy and security. Expert/Highly Proficient, knowledge of Cybersecurity technologies including identity and access management solutions; intrusion detection/prevention, PKI, security incident and event management solutions and network/firewall technology.Expert/Highly Proficient ability to develop and implement enterprise data security architecture.Design secure solutions and accompanying controls. And Ability to quickly learn and understand new technologies.Expert/Highly Proficient proven ability to manage projects and initiatives.Expert/Highly Proficient ability to fit in with the constant shifting needs and demands of the business Departments.
Must possess at least two of the following professional certifications in subject domain including but not limited to: (Any 2 of this)
Certified Information Security Professional (CISSP),Global Information Assurance Certification (GIAC)Certified Information Security Manager (CISM)Certified in Risk and Information Systems Control (CRISC),Certified Information Systems Auditor (CISA), other related certification(s)
Note:
May mentor less experienced staff. Performs other duties and tasks as assigned.May need to work outside of normal work hours supporting 24/7 operations (i.e., evenings and weekends).Travel may be required to other MTA locations or other external sites.Responsible for financial/budgeting/vendor/contract planning and management.
Responsibilities:
Identify areas for architectural, engineering, and operational improvements and to ensure that the security architecture is suitable and supportable Manage and plan the future technical architecture, providing insight into the future of their area of technology to continually improve effectiveness and efficiency.Conduct design and engineering processes to ensure that security architecture solutions maintain the confidentiality, integrity, and availability of information assets.Understand, review, and approve Cybersecurity Reference Architectures and solutions for applying them.Collaborate with technology and business teams to ensure that the implementation of new technologies and security solutions can be supported and that they are in alignment with security architecture, industry best practice, principles of secure design, and business strategies.Revalidate systems to most recent reference architectures to determine gaps, develop and manage programs to align systems to newest standards and reference architectures. Define the appropriate architecture, technical requirements, and standards necessary to address information security needs for the organization. Perform risk assessments of new and existing technology solutions to identify opportunities for improvement, and engineering solutions to adequately mitigate associated risks.Lead the development and implementation of security technology solutions for complex environments and architecture including cross-platform interoperability, including development of baseline infrastructure and application hardening guides based on industry best practices.Define security configurations and operational standards for security systems and applications, including policy assessment and compliance tools, network security appliances, and host-based security systems.Serve as the engineering security expert in application development; database design; network and operating system security design; access and audit control development; and identity management solutions.Develop sets of security principles, technology standards and architectural constructs which guide the solution design, engineering and deployment of IT solutions.Ensure security architecture reviews are conducted for new technology to ensure best practices, document security solutions, and enable common solutions across the enterprise.Determine security requirements by evaluating business strategies and requirements; researching information security standards; conducting system security and vulnerability analyses and risk assessments; studying architecture/platform; identifying integration issues; and preparing cost estimates.Address security requirements within cloud architectures, creating new and evolving security services and standards pertaining to cloud services; consulting with internal and external customers; and developing and documenting strategies, standards, and roadmaps for cloud security components and architectures.
Qualifications:
Must possess active listening, attention to detail, customer service, prioritization, and problem-solving skills.Ability to work independently and strategically.Demonstrated expertise in identifying and analyzing risks and developing effective mitigation strategies.Strong technical knowledge and diverse skillset to understand various technologies, systems, and potential risks.Excellent critical thinking, problem-solving, and decision-making skills.Strong interpersonal, verbal and written communication skills, with the ability to effectively collaborate with both technical and non-technical peers.Proven ability to manage multiple projects simultaneously and prioritize tasks based on urgency and impact.Extensive hands-on experience with related tools.Solid working knowledge of IT domains.Ability to work under pressure and meet deadlines individually and collaboratively. Think logically, assess problems, and be results-oriented.Ability to identify complex business and technology risks and associated vulnerabilities. Prioritize multiple tasks and switch between tasks quickly.Ability to communicate effectively, both orally and in writing, to interact with team members, customers, management, and support personnel (technical and non-technical).Ability to establish and maintain effective working relationships with employees at all levels within the organization, and with both internal and external customers.
Required Experience: (10 Years)
Must possess an expert/highly proficient in deep understanding of technology and cybersecurity domain principles within the context of Operational Technologies, Signaling Systems and Rolling Stock.Expert/Highly Proficient, knowledge of Concepts, principals and design of data security and disaster recovery processes including threat and vulnerability management; access control; network design and management; identity and access management; and data protection and management.Legal and regulatory compliance requirements as they relate to data and information privacy and security. Expert/Highly Proficient, knowledge of Cybersecurity technologies including identity and access management solutions; intrusion detection/prevention, PKI, security incident and event management solutions and network/firewall technology.Expert/Highly Proficient ability to develop and implement enterprise data security architecture.Design secure solutions and accompanying controls. And Ability to quickly learn and understand new technologies.Expert/Highly Proficient proven ability to manage projects and initiatives.Expert/Highly Proficient ability to fit in with the constant shifting needs and demands of the business Departments.
Must possess at least two of the following professional certifications in subject domain including but not limited to: (Any 2 of this)
Certified Information Security Professional (CISSP),Global Information Assurance Certification (GIAC)Certified Information Security Manager (CISM)Certified in Risk and Information Systems Control (CRISC),Certified Information Systems Auditor (CISA), other related certification(s)
Note:
May mentor less experienced staff. Performs other duties and tasks as assigned.May need to work outside of normal work hours supporting 24/7 operations (i.e., evenings and weekends).Travel may be required to other MTA locations or other external sites.Responsible for financial/budgeting/vendor/contract planning and management.