Hibbett

Security Engineer

Hibbett, Birmingham, Alabama, United States, 35275


Summary

The Senior IT Security Engineer is responsible for the analysis, development, operation, and interpretation related to information and system security policies and practices. This role requires highly technical and analytical abilities, including strong network administration skills and the use of scripting languages. You will formulate recommendations consistent with directives, policies, standards, and regulations, working independently and exercising judgment in the performance of duties. This position also involves leadership and mentoring for all IT Security personnel.

Essential Duties And Responsibilities

Leadership and Mentoring: Provide leadership and mentoring for all IT Security personnel, fostering a culture of security awareness throughout the organization.

Cloud Security Strategy: Develop and implement comprehensive cloud security strategies to protect our infrastructure, data, and applications hosted on cloud platforms.

Security Architecture: Design secure cloud architectures, considering factors such as network security, identity and access management (IAM), data encryption, and secure deployment practices.

Risk Assessment and Compliance: Conduct regular risk assessments and vulnerability scans to identify security gaps and ensure compliance with relevant regulations (e.g., PCI-DSS, SOC 2, HIPAA) and industry standards (e.g., CIS benchmarks).

Incident Response and Threat Management: Develop and maintain incident response plans, lead investigations into security incidents and breaches, and implement proactive measures for threat detection and mitigation.

Identity and Access Management (IAM): Implement and manage robust IAM solutions to control access to cloud resources, including user authentication, authorization, and privilege management.

Security Automation: Implement security automation and orchestration tools to streamline security operations and enhance response times to security events.

Security Monitoring and Logging: Configure and manage security monitoring tools to continuously monitor cloud environments for suspicious activities and security events. Develop and maintain centralized logging solutions for comprehensive visibility into cloud activities.

Security Education and Awareness: Provide security training and awareness programs to educate employees on best security practices.

Network and Application Security Controls: Design, deploy, and administer network and application security controls such as intrusion detection/prevention, vulnerability scanning, log reporting, endpoint protection, and encryption capabilities.

Technical Solutions and Tools: Develop technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks.

Security Assessments: Plan and execute security assessments such as penetration tests, vulnerability scanning, and website vulnerability assessments. Report findings and assist with the development and completion of remediation plans.

Policy Development and Compliance: Ensure information technology policies are appropriate, achievable, and followed. Participate in developing and administering appropriate sensitive information handling and storage practices.

Incident Response: Respond to information system security incidents, including investigation of countermeasures to and recovery from attacks, unauthorized access, and policy breaches. Coordinate with third-party incident responders, including law enforcement.

Advisory Role: Provide guidance for IT process and technology improvements with security in mind, and work with software development to create secure development and application configuration standards.

After business hours on-call availability/incident response is required.

Supervisory Responsibilities

No supervisory responsibilities

Qualifications

Bachelor's degree in Computer Science, Information Technology, or a related field or equivalent experience.

At least 7 years of experience in network administration with 5 or more years in IT Security.

Proven experience in securing cloud environments (Azure, OCI).

In-depth knowledge of cloud security principles, best practices, and industry standards.

Strong understanding of networking concepts including TCP/IP, DNS, VPN, and firewalls.

Experience with security tools such as SIEM, IDS/IPS, WAF, and vulnerability management scanners.

Relevant certifications such as GSEC, Security+, or Certified Cloud Security Professional (CCSP) are preferred.

Excellent communication and collaboration skills, with the ability to work effectively in cross-functional teams.

Highly analytical with a strong work ethic and organizational skills.
