Job Details
Description
The Principal Cyber Security Engineer reports to the Director, Cyber Security and is responsible for designing and securing security infrastructure, ensuring a robust and resilient security posture. This role implements security controls, deploys new security technologies, and works closely with various stakeholders to minimize business disruption. This role is primarily responsible for the administration of security tools, implementation of security controls in various areas (cloud services, infrastructure, networks, user endpoints, etc.), and the providing of subject-matter expertise where needed.
Key Responsibilities/ Duties
- Design and secure security infrastructure to ensure a robust and resilient security posture.
- Perform complex deployments of security technologies.
- Execute information security activities such as vulnerability management, application development security, business continuity, networking, risk management, etc.
- Collaborate with cross-functional teams to integrate security controls and protocols into the client's infrastructure and applications.
- Develop and maintain security documentation, including architecture diagrams, standard operating procedures, and incident response playbooks.
- Understand NIST standards, ISO compliance standards, government standards, how those standards impact business operations, and what organizations must do to meet those requirements.
- Stay up-to-date with emerging security threats, vulnerabilities, and industry trends, and proactively recommend and implement countermeasures to enhance the organization's security posture.
- Provide technical expertise and guidance to clients and internal teams on security best practices, technologies, and regulatory compliance requirements.
- Actively research, evaluate, and drive next generation security technologies and solutions to solve the organizations needs.
Knowledge, Skills, Abilities, And Behaviors
- Strong networking and security knowledge.
- Ability to apply secure system design tools, methods, and techniques.
- Strong interpersonal skills and team-oriented attitude.
- Coachable and able to turn feedback into results moving forward.
- Ability to apply network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
- Superior analytical and critical thinking skills.
- Understanding of how information travels.
- Knowledge of the dark web.
- Familiar with incident response language.
- Well-rounded technical knowledge in Windows, Mac, Linux OS.
- Superior organization, facilitation, and leadership skills.
- Solid understanding of a range of compliance, regulatory, and legal requirements and relevant principles, best practices, and standards across multiple industries (e.g., PCI, SOX, GLBA, CSA, PCI, NIST, ISO, IEEE, FedRAMP, HIPAA, and TCG)
- Knowledge of the MITRE att&ck framework and cyber kill chains.
Education/ Experience
- 10+ years of security industry experience or equivalent skill level.
- Bachelor’s degree in a relevant field is a plus but not required.
- Advanced understanding of policy and compliance.
- Familiar with scripting languages such as bash, PowerShell, python, KQL.
- Experience securing an environment.
- Experience with DNS and Active Directory.
- Basic programming skills are a plus.
- Experience with systems administration and network infrastructure is required.
- Previously assessed, developed, and implemented, operationalized, and documented comprehensive security technologies and processes.
Certifications
- (ISC)² Certified Information Systems Security Professional (CISSP) preferred
- CCSP, AWS CSAP, or similar desired
Physical Demands
Sedentary Work – Exerts up to 10 pounds of force occasionally, a negligible amount of force frequently, and/or constantly having to lift, carry, push, pull or otherwise move objects, including the human body. Sedentary work involves sitting most of the time.
Disclaimer
The above information in this description has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job.
Meriplex Communications and Meriplex Solutions are Equal Employment Opportunity Employers. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status.
