Cybersecurity Engineer (BC)
Job Location: Warren, NJ
Date Posted: 2020-02-25
Major Insurance Company
The Cyber Security Engineer is a hands-on role that requires a high level of technical expertise. Responsible for the security architecture, solution integration and on-going administration of information security systems, tools, and services across the enterprise.
Support the overall vision and strategy of the Information Security department. Research, evaluate, design, test, recommend or plan the implementation of new or updated information security hardware or software, and analyze its impact on the existing environment. Provide technical expertise for the administration of all security tools. Consult with IT staff to ensure that security is factored into the evaluation, selection, installation and configuration of hardware, software, and business applications. Monitor and report on emerging risk and compliance with organizational security policies, including the enforcement of policies within the IT department. Recommend and coordinate the implementation of technical controls to support and enforce defined security policies. Effectively and proactively collaborate with staff at all levels of the organization to devise and implement security solutions. Work closely with a 24x7 external cyber threat monitoring service. Maintain and support its on-premise detection technology and SIEM. Respond to, investigate, and where appropriate, resolve or escalate reported security incidents. Provide postmortem analysis to illuminate the issues and possible solutions. Support the Vulnerability Management Program by maintaining its infrastructure and conduct recurring scans of all systems and applications. Provide guidance to System Administrators and Application teams to remediate identified vulnerabilities. Enhance enterprise Data Loss Prevention technologies and procedures. Provide technical guidance, training, and documentation covering the usage and impact of security technology. Monitor security vulnerabilities and the threat landscape. Administer the multi-factor authentication (MFA) and single sign-on (SSO) solutions and continue their integration across various business systems, including SaaS-based platforms. Monitor internal control systems to ensure that appropriate information access levels and security clearances are maintained. Implement controls to manage and monitor privileged access. Provide configuration management guidance to IT staff and ensure systems are hardened to prevent unauthorized access or misuse. Support third party audits and penetration tests. Prepare technical reports for IT senior management. Participate in IT problem and change management forums. Stay current on technology trends.
Bachelor in Computer Science, Information Systems, Cyber Security or equivalent related technical field. At least 5 years’ experience as a Cyber Security Engineer, or comparable role. Certifications in one or more areas or willingness to obtain: CISSP, a GIAC certification (GSEC, GCIH, or other), CEH,ECSA, CompTIA Security+, or comparable. Experience with NIST Cybersecurity Framework, NIST 800-53, ISO 27001/27002, ITIL, COBIT, OWASP. Top 10, CWE/SANS Top 25, and CIS CSC Top 20. Experience with PCI, GDPR, CCPA, HIPAA, ISO, GLBA and SOX compliance assessments. Experience with commercial Vulnerability Management systems (i.e. Rapid7, Tenable, Qualys).
Network security architecture development and definition. Knowledgeable in security concepts related to DNS, routing, authentication, Web Application Firewall (WAF),Identity and Access Management, Endpoint Protection, VPN, IDS/IPS, proxy services and DDoS mitigation technologies. Management of firewalls, intrusion detection systems, and other network security devices. Strong experience in securing Windows environments. Administration of SIEM (Security Information and Event Management) platforms, log collection, and tuning. Incident Management and Response Planning. Knowledge of a managed security service provider models. Secure coding practices, ethical hacking and threat modeling. Familiarity with third-party audits and cloud risk assessment methodologies. Scripting with PowerShell, Batch, Bash or Python a plus. Ability to work well under minimal supervision. Strong oral, written and interpersonal communication skills. Ability to effectively convey complex information. Strong business process knowledge and application of technology solutions. Strongly self-motivated and team oriented. Comfortable working with a variety of technologies supporting large scale deployments, troubleshooting solutions issues and proficient in monitoring and investigating security events. Strong customer/client focus, with the ability to manage expectations appropriately.
Please contact Brian Clark at firstname.lastname@example.org
110K + Bonus
Recruiter LinkedIn Page