Venus Fashion
Cyber Security Engineer
Venus Fashion, Jacksonville, Florida, United States, 32290
Cyber Security Engineer
Jacksonville, Florida, United States (Hybrid)
About VENUS
VENUS® is a leader in stylish, on-trend designs in women’s clothing, swimwear and lingerie. Founded in 1982, the Florida-based brand pioneered swim separates and continues to drive newness in fit, fabric and design across all categories. Made for everybody, the collection is offered in a full range of sizes from 2-24. VENUS® is committed to inclusivity, as well as socially- and environmentally responsible business practices that positively impact both people and the planet.
About the Position
Venus Fashion is committed to maintaining the highest cybersecurity standards to protect our business assets and ensure compliance with industry regulations. We are seeking a dedicated Cyber Security Engineer to join our team and help safeguard our systems against emerging threats.
ResponsibilitiesSecurity Awareness & Training:
Design, implement, and administer security awareness programs, including new threat alerts, KnowBe4 training campaigns, and phishing tests.Distribute secure coding training and documentation to development teams and ensure adherence to best practices.
Vulnerability Management:
Conduct monthly and quarterly vulnerability scans (internal and ASV for PCI).Coordinate or directly remediate vulnerabilities to ensure clean tests for audit and compliance purposes.Manage Tenable.io vulnerability management solution.
Policy & Procedure Management:
Create, maintain, and distribute cybersecurity policies, procedures, and incident response plans.Maintain and update cybersecurity policies to ensure employee knowledge and compliance.
Incident Management:
Manage cybersecurity incidents from detection to postmortem, providing executive reports and following alerting procedures.Perform daily checks with Rapid7 InsightIDR SIEM and manage associated components.
Threat Research & Analysis:
Research and analyze the latest cybersecurity trends, threats, and solutions.Stay ahead of threat actors by researching potential targets and evaluating tools to mitigate attacker techniques.
Network Security:
Implement and maintain network security infrastructure, including Palo Alto firewalls and secure web proxies (Umbrella, Zscaler).
Audit Management:
Lead and manage all cybersecurity audits, including but not limited to:
PCI DSS audits, ensuring continuous compliance and implementing new technical controls required for PCI DSS 4.0.Perform regular PCI DSS compliance checks (weekly, monthly, and quarterly) to ensure continuous compliance and avoid issues during annual audits.bi-annual infrastructure and/or accounting audits.Maintain documentation and archive clean scan results for audit purposes.
Coordinate audit activities, prepare necessary documentation, and liaise with auditors to ensure successful audit outcomes.
Tool Management:
Manage various security tools, including Mimecast advanced email security, DUO administration, Symantec messaging gateway, and Crowdstrike endpoint security.
Collaboration & Support:
Work with engineering and desktop support teams to balance security and usability.Ensure active support for the ISO function by management and all departments.
Qualifications
Strong knowledge of DNS, DHCP, Active Directory, PowerShell, CMD line, Unix/Linux terminal (CLI), and TCP/IP.Ability to conduct thorough log analysis, investigation triage, and automation configurations.Security+, Pentest+, or CEH.Additional certifications such as Systems Security Professional (CISSP) or Advanced Security Practitioner (CASP) are highly desirable.Education & Experience
Extensive experience in cybersecurity, particularly with PCI DSS 4 and security frameworks.Proven experience with SIEM tools (e.g., Crowdstrike, Splunk, Logrhythm, Exabeam, InsightIDR) and threat hunting.Experience in implementing and managing security solutions.While a bachelor's degree in computer science, Information Technology, Cybersecurity, or a related field is appreciated, we highly value practical, hands-on experience. Candidates with significant industry experience who demonstrate a strong understanding of cybersecurity industry principles and a proven track record in security tool administration will be considered even if they do not hold a formal degree.Minimum of 3 years of experience in IT security administration or a related role.
Jacksonville, Florida, United States (Hybrid)
About VENUS
VENUS® is a leader in stylish, on-trend designs in women’s clothing, swimwear and lingerie. Founded in 1982, the Florida-based brand pioneered swim separates and continues to drive newness in fit, fabric and design across all categories. Made for everybody, the collection is offered in a full range of sizes from 2-24. VENUS® is committed to inclusivity, as well as socially- and environmentally responsible business practices that positively impact both people and the planet.
About the Position
Venus Fashion is committed to maintaining the highest cybersecurity standards to protect our business assets and ensure compliance with industry regulations. We are seeking a dedicated Cyber Security Engineer to join our team and help safeguard our systems against emerging threats.
ResponsibilitiesSecurity Awareness & Training:
Design, implement, and administer security awareness programs, including new threat alerts, KnowBe4 training campaigns, and phishing tests.Distribute secure coding training and documentation to development teams and ensure adherence to best practices.
Vulnerability Management:
Conduct monthly and quarterly vulnerability scans (internal and ASV for PCI).Coordinate or directly remediate vulnerabilities to ensure clean tests for audit and compliance purposes.Manage Tenable.io vulnerability management solution.
Policy & Procedure Management:
Create, maintain, and distribute cybersecurity policies, procedures, and incident response plans.Maintain and update cybersecurity policies to ensure employee knowledge and compliance.
Incident Management:
Manage cybersecurity incidents from detection to postmortem, providing executive reports and following alerting procedures.Perform daily checks with Rapid7 InsightIDR SIEM and manage associated components.
Threat Research & Analysis:
Research and analyze the latest cybersecurity trends, threats, and solutions.Stay ahead of threat actors by researching potential targets and evaluating tools to mitigate attacker techniques.
Network Security:
Implement and maintain network security infrastructure, including Palo Alto firewalls and secure web proxies (Umbrella, Zscaler).
Audit Management:
Lead and manage all cybersecurity audits, including but not limited to:
PCI DSS audits, ensuring continuous compliance and implementing new technical controls required for PCI DSS 4.0.Perform regular PCI DSS compliance checks (weekly, monthly, and quarterly) to ensure continuous compliance and avoid issues during annual audits.bi-annual infrastructure and/or accounting audits.Maintain documentation and archive clean scan results for audit purposes.
Coordinate audit activities, prepare necessary documentation, and liaise with auditors to ensure successful audit outcomes.
Tool Management:
Manage various security tools, including Mimecast advanced email security, DUO administration, Symantec messaging gateway, and Crowdstrike endpoint security.
Collaboration & Support:
Work with engineering and desktop support teams to balance security and usability.Ensure active support for the ISO function by management and all departments.
Qualifications
Strong knowledge of DNS, DHCP, Active Directory, PowerShell, CMD line, Unix/Linux terminal (CLI), and TCP/IP.Ability to conduct thorough log analysis, investigation triage, and automation configurations.Security+, Pentest+, or CEH.Additional certifications such as Systems Security Professional (CISSP) or Advanced Security Practitioner (CASP) are highly desirable.Education & Experience
Extensive experience in cybersecurity, particularly with PCI DSS 4 and security frameworks.Proven experience with SIEM tools (e.g., Crowdstrike, Splunk, Logrhythm, Exabeam, InsightIDR) and threat hunting.Experience in implementing and managing security solutions.While a bachelor's degree in computer science, Information Technology, Cybersecurity, or a related field is appreciated, we highly value practical, hands-on experience. Candidates with significant industry experience who demonstrate a strong understanding of cybersecurity industry principles and a proven track record in security tool administration will be considered even if they do not hold a formal degree.Minimum of 3 years of experience in IT security administration or a related role.