About the job
The Sr. Cybersecurity Engineer is responsible for maintaining and implementing cybersecurity controls and solutions within the company. Reporting to the CISO and working in the Cybersecurity department, this role involves planning, implementing, managing, and upgrading cybersecurity measures to protect the company's data, systems, and networks. The engineer will manage security technology infrastructures, troubleshoot security problems, respond to breaches, and design security architectures to mitigate emerging threats.
Responsibilities
CS Engineering:
- Plan, implement, manage, and upgrade cybersecurity measures to protect the company's data systems and networks.
- Manage security technology infrastructures using Firewalls, WAF, VPN, Data Loss Prevention, IDS/IPS, Web-Proxy, Security Audits, etc.
- Troubleshoot security problems.
- Respond to all system and/or network security breaches.
- Participate in the change management process.
- Test and identify network and system vulnerabilities.
- Perform daily administrative tasks, reporting, and communication with relevant departments in the company.
- Review and evaluate installations of firewall, VPN, routers, IDS scanning technologies, and servers.
Security Controls Architect:
- Design security architecture elements to mitigate emerging threats.
- Plan, research, and design robust security architectures for any IT project.
- Identify and communicate current and emerging security threats.
- Ensure the company’s data and infrastructure are protected by enabling appropriate security controls.
- Create solutions that balance business requirements with information and cybersecurity needs.
- Identify security design gaps in existing and proposed architectures and recommend changes or enhancements.
- Consider security requirements of cloud computing including data breaches, hacking, account hijacking, malicious insiders, third parties, authentication, APTs, data loss, and DoS attacks.
- Develop RACI metrics for each technology based on best practices aligned with business needs.
CS Test:
- Perform or supervise vulnerability testing, risk analyses, and security assessments.
- Develop security test use cases for each solution.
- Test security systems based on test use cases to ensure they behave as expected.
- Review and evaluate penetration testing reports.
Qualifications
Knowledge and Experience:
- 4+ years of experience in cybersecurity engineering.
- 2 years of work experience with incident detection, incident response, and forensics.
- Excellent understanding of technology infrastructures using Firewalls, VPN, Data Loss Prevention, IDS/IPS, Web-Proxy, and Security Audits.
- Security considerations of cloud computing including data breaches, hacking, account hijacking, malicious insiders, third parties, authentication, APTs, data loss, and DoS attacks.
Additional required skills for an IT security engineer may include:
- Secure coding practices, ethical hacking, and threat modeling.
- Python, C++, Java, Ruby, Node, Go, and/or PowerShell.
- IDS/IPS, penetration, and vulnerability testing.
- Firewall and intrusion detection/prevention protocols.
- Windows, UNIX, and Linux operating systems.
- Virtualization technologies.
- MySQL/MSSQL database platforms.
- Identity and access management principles.
- Application security and encryption technologies.
- Secure network architectures.
- Sub-netting, DNS, encryption technologies and standards, VPNs, VLANs, VoIP, and other network routing methods.
- Experience with advanced persistent threats, phishing and social engineering, network access controllers (NAC), gateway anti-malware, and enhanced authentication.
- Cloud computing and containerizations.
- Bachelor’s Degree in IT, systems engineering, or a relevant field.
- Preferable to have two or more information security professional certificates such as: CEH / eJPT, Blue Team certificate, CISSP, GIAC