Sr Cybersecurity Info Risk Eng (BC)
New York, NY - Information Technology - Hybrid
Date Posted: 1/26/2023 1:30:40 PM
Senior Cybersecurity Info Risk Engineer
New York, NY (Hybrid)
Japanese Bank in Manhattan.
Focuses on hands on engineering and architecting cybersecurity solutions and ways to protect the firm from various threat actors. Performs as the Subject Matter expert focused in multiple technologies within the Security arena (Unix Security Engineering, IAM, Cloud Security, Data Security, Network Security, Encryption, Privileged Access Management, Federation etc.). Establishes a strategic security architecture vision, including standards and frameworks for medium to large enterprises. Develops and maintains log analysis solutions, including data collection and aggregations, data normalization, and reporting. Review and analysis security logs from a wide variety of sources. Coordinate and perform security audits and vulnerability assessments to assess internal security procedures and compliance requirements. Work with relevant internal IT Application, Infrastructure, Network and Support teams to ensure that security controls are implemented at all significant layers, test those controls and perform gap analysis to find areas of improvement. Strong understanding and hands on implementation experience with SANS/CIS Top 20, NIST CSF, 800-53, ISO27001 and FFIEC CAT controls. Strong Incident Response skillset using MITRE ATT&CK and Cyber Kill Chain frameworks. Being able to conduct threat modeling in order to determine major threats facing the firm. Good understanding of Zero Trust principles. Perform testing to evaluate new products for network and system security controls. Supporting offensive architecture analysis and design of defense-in-depth solutions. Participate in the development of the security roadmap and communicate the Technology Security vision to senior management and technical departments. Works with and / or leads internal implementation teams and internal business organizations to define, document, and present project requirements. Coordinates with project team the implementation, upgrade and maintenance of security solutions. Throughout project lifecycle, tracks and manages project progress against plan schedules, budgets, technical needs, resource requirements, capacity plans and the goals of the business. Creates, maintains and executes required test case scenarios and use cases to verify requirements. Mentor junior team members and inspire them to take on challenging tasks within the department. Monitors data quality and assists in the collection of data for Risk Management and internal auditors.
Please contact Brian Clark at email@example.com