Sr. Security Engineer

Job Summary

The Sr. Security Engineer will analyze and make recommendations to improve network, system and application architectures. This role will assist in the review and update of cyber security policies, architectures and standards and assist in responding to audits, penetration tests and vulnerability assessments.  This senior level role will help determine how security controls should be designed and integrated and define and design security controls to meet regulatory and contractual obligations.

Duties and Responsibilities

• Research, design, and implement cyber security solutions for organization systems and products that comply with all applicable regulations, security policies and standards.
• Conduct network monitoring and intrusion detection analysis using various computer network defense tools, such as intrusion detection/prevention systems, firewalls and host-based security systems.
• Conduct log-based and endpoint-based threat detection to detect and protect against threats coming from multiple sources.
• Work with security information and event management (SIEM) to manage/tune the system, create/manage the detection content and actively watch for alerts.
• Correlate network, cloud and endpoint activity across environments to identify attacks and unauthorized use.
• Supporting automation initiatives via our SOAR platform
• Onboarding and managing log sources
• Research emerging threats and vulnerabilities to aid in the identification of incidents.
• Provide users with incident response support, including mitigating actions to contain activity and facilitating forensics analysis, when necessary.
• Perform security standards testing against IT Assets before implementation to ensure security.
• Define and document how a broader ecosystem impacts the security posture of the current environment
• Participate in the evaluation of products, services, and/or procedures.
• Analyze underlying trends and action plans associated with Information Security and other domains.
• Work with IT and internal and external business partners to ensure that security is factored in the evaluation, selection, installation and configuration process of hardware and software.
• Analyze and make recommendations to improve network, system and application architectures.
• Assist in the review and update of cyber security policies, architectures and standards.
• Respond to audits, penetration tests and vulnerability assessments.
• Conduct Information Security risk assessments including development of risk mitigation strategies to resolve vulnerabilities and recommend security changes to system or system components, as needed.
• Define and document how the implementation of a new system or new interfaces between systems impacts the security posture of the current environment.
• Analyze underlying trends and action plans associated with Information Security and other domains

Experience and Education Requirements

• Bachelor's degree in Information Security or equivalent combination of education and experience
• 4-7 years of experience in Information Security 
• Experience scripting/programming automations and detections as code
• Experience with RE2 preferred
• Experience managing SIEM and EDR tools
• CISSP, ITIL, and/or GIAC certification preferred
• Experience with information technology (IT) security principles and methods (e.g., firewalls, DMZs, encryption).
• Experience conducting assessments of the application’s security design for the appropriate security controls.
• Experience applying cybersecurity and privacy principles.
• Experience in Information Security, compliance, assurance, and/or other security standard methodologies and principles.

Knowledge, Skills & Abilities

• Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.
• Strong work prioritization and planning skills.
• Strong troubleshooting and problem-solving skills.
• Strong interpersonal communication skills, written and verbal.

Other Requirements

• Perform other functions, duties and projects, as assigned.
• Regular and punctual attendance.
• Some travel may be required (less than 10%)

#LI-Remote #LI-MB1