Doble Engineering Company
Cyber Security Engineer II
Doble Engineering Company, Marlborough, Massachusetts, us, 01752
Description
We are seeking a Cyber Security Engineer II to join our Cyber Security team in Marlborough, MA. This is an exciting opportunity to apply your security knowledge across a range of strategic initiatives and assessments. This role provides an opportunity to apply your technical skills across various security initiatives while collaborating with IT, engineering, and product teams. You may also have the opportunity to prototype and implement new security tools and technologies. This is a high visibility role requiring an individual who stays on top of the latest security issues and technologies shaping the industry. You will have exposure to emerging trends in areas like cloud, AI security, and critical infrastructure protection. Our environment provides opportunities to translate security concepts into functioning solutions through collaborations with various engineering teams. We welcome passionate candidates to apply even if you meet some but not all qualifications, yet possess core competencies around security assessments, patch management, an understanding of frameworks like NIST, as well as soft skills like communication, analytical thinking, and resourcefulness. This role is based at our Marlborough, MA location, and will report directly to the Cyber Security Manager.ESSENTIAL JOB FUNCTIONSSupport Doble Cybersecurity Solutions including performing weekly patch management process, maintain NERC CIP compliance and SLAs, weekly customer calls, and contribute to sustaining the product enhancementAssist in security activities within the SDLC including Code Reviews, Threat Modeling, SAST, DAST, & SCAResponding to security incidents and working with other IT professionals to address and resolve themLead Penetration Testing engagements on Doble products such as Web, Thick, and API applicationsConduct periodic security reviews to evaluate the effectiveness of existing security measuresCollaborate with internal and external stakeholders to ensure technology solutions meet security requirementsStaying up-to-date with the latest security threats and trendsProviding training and guidance on security awareness and best practices to other personnelTake on additional security projects and tasks as needed
EDUCATION:Bachelor's degree in Cybersecurity, Computer Science, or related field. Master's degree is preferred.REQUIRED EXPERIENCE:3-5 years' experience as a security engineer or equivalentStrong knowledge of one or more of security standards including NERC CIP, NIST CSF, ISO 27001, IEC 62443Knowledge of the OWASP Top 10, OWASP ASVS, and other security frameworks.Familiarity with security platforms such as Azure, Secureworks MDR, Synk, Knowb4, BitSight etc.Hands-on experience with manual vulnerability testing, exploit development, and static code analysis, using commercial and open-source penetration testing tools like Burp Suite, OWASP ZAP, Metasploit, SQLMap, etc.Excellent analytical and problem-solving skillsAbility to work independently with minimal oversight and within a team environmentExcellent time management, organizational, and verbal and written communication skillsHigh level of attention to detail and quality of work product
PREFERRED EXPERIENCE (Not Required):2+ years of hands-on penetration testing experience.Relevant security certifications such as OSCP, CEH, CPT, GPEN, Security+Demonstrated enthusiasm for Information Security (e.g. GitHub repo, blogs, presentations, conference talks, local security association member, participated in free skill-building / hacking challenges - SANS Holiday Hack, HackerOne CTF, HackTheBox, etc.)Knowledge of AI security and generative AI systemsFamiliarity with networking protocols and componentsParticipation in incident response as an analyst or coordinatorAbility to clearly explain complex security issues to leadershipFamiliarity with regulatory compliance in Power Industry
Knowledge, Skills & AbilitiesAnalytical skills to diagnose technical problems and investigate vulnerabilitiesAttention to detail gathering security requirements and assessing risksAbility to interpret trends, threat intelligence, and translate findings into actionable strategyProcess knowledge related to compliance, change management and access controlsExcellent communication skills for advising both technical and non-technical groupsOccasional travel up to 10% may be required for this positionOccasional off hours work may be required in instances where customer support and/or security incident response is necessary
PHYSICAL REQUIREMENTS:While performing the duties of this job the employee is often required to stand, sit, use computers, read, write, type, use copy machines, file paperwork, use telephones, and utilize written and oral communication to interact with clients, co-workers, and customers. Reasonable accommodations may be made to enable individuals to perform the essential functions of this job. Must be capable of lifting 30 pounds.
Actual base salary offered to the hired applicant will be determined based on their work location, level, qualifications, job related skills, as well as relevant education or training experience.Salary Pay Range Minimum $100,603.37 - Midpoint $125,754.21
Equal Opportunity Employer/Protected Veterans/Individuals with DisabilitiesWe are an Equal Employment Opportunity employer that values the strength diversity brings to the workplace. All qualified applicants, regardless of race, color, religion, gender, sexual orientation, marital status, gender identity or expression, national origin, genetics, age, disability status, protected veteran status, or any other characteristic protected by applicable law, are strongly encouraged to apply.The Americans with Disabilities Act of 1990 (ADA) prohibits discrimination by employers, in compensation and employment opportunities, against qualified individuals with disabilities who, with or without reasonable accommodation, can perform the "essential functions" of a job. A function may be essential for any of several reasons, including: the job exists to perform that function, the employee holding the job was hired for his/her expertise in performing the function, or only a limited number of employees are available to perform that function.Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)
We are seeking a Cyber Security Engineer II to join our Cyber Security team in Marlborough, MA. This is an exciting opportunity to apply your security knowledge across a range of strategic initiatives and assessments. This role provides an opportunity to apply your technical skills across various security initiatives while collaborating with IT, engineering, and product teams. You may also have the opportunity to prototype and implement new security tools and technologies. This is a high visibility role requiring an individual who stays on top of the latest security issues and technologies shaping the industry. You will have exposure to emerging trends in areas like cloud, AI security, and critical infrastructure protection. Our environment provides opportunities to translate security concepts into functioning solutions through collaborations with various engineering teams. We welcome passionate candidates to apply even if you meet some but not all qualifications, yet possess core competencies around security assessments, patch management, an understanding of frameworks like NIST, as well as soft skills like communication, analytical thinking, and resourcefulness. This role is based at our Marlborough, MA location, and will report directly to the Cyber Security Manager.ESSENTIAL JOB FUNCTIONSSupport Doble Cybersecurity Solutions including performing weekly patch management process, maintain NERC CIP compliance and SLAs, weekly customer calls, and contribute to sustaining the product enhancementAssist in security activities within the SDLC including Code Reviews, Threat Modeling, SAST, DAST, & SCAResponding to security incidents and working with other IT professionals to address and resolve themLead Penetration Testing engagements on Doble products such as Web, Thick, and API applicationsConduct periodic security reviews to evaluate the effectiveness of existing security measuresCollaborate with internal and external stakeholders to ensure technology solutions meet security requirementsStaying up-to-date with the latest security threats and trendsProviding training and guidance on security awareness and best practices to other personnelTake on additional security projects and tasks as needed
EDUCATION:Bachelor's degree in Cybersecurity, Computer Science, or related field. Master's degree is preferred.REQUIRED EXPERIENCE:3-5 years' experience as a security engineer or equivalentStrong knowledge of one or more of security standards including NERC CIP, NIST CSF, ISO 27001, IEC 62443Knowledge of the OWASP Top 10, OWASP ASVS, and other security frameworks.Familiarity with security platforms such as Azure, Secureworks MDR, Synk, Knowb4, BitSight etc.Hands-on experience with manual vulnerability testing, exploit development, and static code analysis, using commercial and open-source penetration testing tools like Burp Suite, OWASP ZAP, Metasploit, SQLMap, etc.Excellent analytical and problem-solving skillsAbility to work independently with minimal oversight and within a team environmentExcellent time management, organizational, and verbal and written communication skillsHigh level of attention to detail and quality of work product
PREFERRED EXPERIENCE (Not Required):2+ years of hands-on penetration testing experience.Relevant security certifications such as OSCP, CEH, CPT, GPEN, Security+Demonstrated enthusiasm for Information Security (e.g. GitHub repo, blogs, presentations, conference talks, local security association member, participated in free skill-building / hacking challenges - SANS Holiday Hack, HackerOne CTF, HackTheBox, etc.)Knowledge of AI security and generative AI systemsFamiliarity with networking protocols and componentsParticipation in incident response as an analyst or coordinatorAbility to clearly explain complex security issues to leadershipFamiliarity with regulatory compliance in Power Industry
Knowledge, Skills & AbilitiesAnalytical skills to diagnose technical problems and investigate vulnerabilitiesAttention to detail gathering security requirements and assessing risksAbility to interpret trends, threat intelligence, and translate findings into actionable strategyProcess knowledge related to compliance, change management and access controlsExcellent communication skills for advising both technical and non-technical groupsOccasional travel up to 10% may be required for this positionOccasional off hours work may be required in instances where customer support and/or security incident response is necessary
PHYSICAL REQUIREMENTS:While performing the duties of this job the employee is often required to stand, sit, use computers, read, write, type, use copy machines, file paperwork, use telephones, and utilize written and oral communication to interact with clients, co-workers, and customers. Reasonable accommodations may be made to enable individuals to perform the essential functions of this job. Must be capable of lifting 30 pounds.
Actual base salary offered to the hired applicant will be determined based on their work location, level, qualifications, job related skills, as well as relevant education or training experience.Salary Pay Range Minimum $100,603.37 - Midpoint $125,754.21
Equal Opportunity Employer/Protected Veterans/Individuals with DisabilitiesWe are an Equal Employment Opportunity employer that values the strength diversity brings to the workplace. All qualified applicants, regardless of race, color, religion, gender, sexual orientation, marital status, gender identity or expression, national origin, genetics, age, disability status, protected veteran status, or any other characteristic protected by applicable law, are strongly encouraged to apply.The Americans with Disabilities Act of 1990 (ADA) prohibits discrimination by employers, in compensation and employment opportunities, against qualified individuals with disabilities who, with or without reasonable accommodation, can perform the "essential functions" of a job. A function may be essential for any of several reasons, including: the job exists to perform that function, the employee holding the job was hired for his/her expertise in performing the function, or only a limited number of employees are available to perform that function.Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)