The Senior Security Engineer will be responsible for designing, implementing, and maintaining a security program including risk management processes and security measures that protect the company’s systems, networks, and data. The Senior Security Engineer will work closely with other IT and security professionals to ensure that the organization’s assets are secure and compliant with relevant regulations.
Responsibilities
Key Performance Indicators
- Information Security Program Design, Implementation, and Maintenance
- Cyber Incident Response
- Vulnerability Management
- Security Compliance
- Security Awareness Training
- Risk Management
- Identity and Access Management
- Cloud Security
- Continuous Improvement of Security Posture
Responsibilities:
- Design and implement secure architecture for applications and infrastructure (onsite and in the cloud).
- Develop and maintain security policies, standards, and guidelines.
- Work with the enterprise systems team to develop and implement code scanning in the CI/CD pipelines.
- Implement vulnerability security testing tools and frameworks.
- Conduct threat modeling and risk assessments.
- Assist in assessing readiness and in passing compliance audits for applicable data protection laws and regulations (i.e., PCI DSS).
- Assess gaps in security practices and propose appropriate solutions.
- Collaborate with development, operations, and IT teams to promote security best practices, including service level agreements, availability, continuity, system security, documentation, technology adoption, and planning.
- Advocate for security within the organization.
- Participate in the preparation and execution of cyber security incident response plans, exercises, and events.
- Assist in preparing and exercising resilience, incident response, business continuity, and disaster recovery plans.
- Support Security Awareness Program.
- Manage annual third-party penetration testing and track findings through to remediation.
- Build and participate in a third-party risk management program.
- Perform vendor and partner risk assessments.
- Perform security audits on applications and infrastructure.
- Perform other security projects as needed.
- Stay updated with the latest security trends, threats, and technologies.
Qualifications
Basic Qualifications:
- Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or related field.
- Minimum of 10 years as a security engineer or similar role.
- Strong understanding of network security, cryptography, and secure coding practices.
- Experience with security protocols and technologies, including SSL/TLS, VPNs, and multi-factor authentication (MFA).
- Relevant security certifications (CISSP, CEH, OSCP).
- Exposure to scripting languages (e.g., Python, Bash) for automation and security tool integration.
- In-depth knowledge of security best practices and frameworks (e.g., OWASP, NIST).
- Experience with Azure cloud security or similar cloud platforms.
- Familiarity with security tools and technologies, such as firewalls, IDS/IPS, SIEM, and antivirus software/EDR.
- Excellent problem-solving and analytical skills.
- Effective communication and people skills.
Preferred Qualifications:
- Master’s degree in Cybersecurity, Computer Science, Information Technology, or related field.
- Knowledge of regulatory requirements and standards, such as ISO 27001, NIST, and GDPR.