This posting has been closed
ON TO THE POSITION OVERVIEW….
The IT Cyber Security Engineer ensures that the confidentiality, integrity, and availability of the corporate enterprise network are maintained at a high level of security by implementing proven technologies and robust security standards. This position is a highly visible role within the organization. Given the nature of the work, in addition to being conversant with technology, the candidate must be very well-organized, self-motivated, and curious, display strong attention to detail, and enjoy working in a fast-paced environment.
Additionally, the IT Cyber Security Engineer will work to normalize new data utilizing the Common Information Model, maintain relationships with data producers to ensure continuity of data during enterprise/infrastructure changes, and create and enforce logging standards. This engineer will also be responsible for developing content to support security and operational monitoring and alerting to various teams and lines of business and other third-party orchestration.
RESPONSIBILITIES
- Advanced knowledge of IT Security theory/practices
- Demonstrated success leveraging automation (e.g. Chef, AWS, Ansible), including bash/java/python scripting, to improve speed of infrastructure management.
- Advanced knowledge of IT Risk theory/practices
- Advanced knowledge of IT Security Engineering principles
- Experience in Active Directory and Microsoft MFA Security Solutions
- Develops and maintains security systems including but not limited to: Anti-Malware, Security Awareness Training, Web and Email Content Filter, Identity Management, Access Control, Privileged Access, Log Correlation and Analysis systems and solutions.
- Building automation, dashboards, correlations, key performance indicators, to empower security operations by improving the quality of their threat detection capabilities.
- Clear understanding of network security controls, firewalls, intrusion prevention systems, security information event management systems, and security standards
- Working experience with cybersecurity infrastructure building blocks (e.g. firewalls, IDS, IPS, SIEM, DNS, routers, SSL Inspection, switches, load balancers, and anti-malware)
- Experience with securing, implementing and managing systems and networks mixing Windows, Linux, Unix, and Mac OS devices
- Experience working in Security Operations Center (SOC) and Incident Response Teams
- Present to Director IT security reports weekly on progress, problems and solutions
- Excellent oral, written, presentation and interpersonal communications skills; Ability to effectively exercise tact, discretion, judgment and diplomacy when interacting and/or negotiating with internal and external customers
- Understanding of agile and software development life cycle concepts.
- Provide security engineering and architecture input and solutions to the Incident Response activities and processes and perform root cause analyses as part of team.
- Knowledge of Vulnerability Management Systems and Penetration Testing techniques
- Experience using Cyber Security Training tools like Proofpoint
- Experience implementing and managing Identity and Access Management Systems
- Experience in MS Azure, Power BI, MS Project, Visio, Workflows, Process Maps desirable
- Responds to, analyzes, and resolves enterprise security issues, concerns, questions, incidents, and events; evaluates and identifies risks and threats; makes resourceful, practical decisions and addresses unexpected problems; coordinates with departments in the development of information security standards and practices
- Performs Security Incident Detection and Response activities to include: analyzing events and patterns and coordinating response activities; reviews system security configurations; researches technical and security topics and maintains information on industry trends; analyzes system logs and access lists.
- Performs vulnerability scans and internal security assessments and tests; develops and maintains scripts, routines, and software to perform vulnerability threat assessments
- Performs design review and analysis; performs threat and risk analysis; develops and evaluates plans, principles, and procedures for reducing the overall risk level of the organization.
- Develops and analyzes information security models, maintaining methodology to track Security Plans for each sensitive and critical application and general support system within the organizations.
- Develops and maintains enterprise level security policies, standards, guidelines, and procedures to ensure ongoing security compliance; recommends security improvements; ensures that technology decisions are compliant with organizational technology and security strategies.
- Performs other job-related duties as assigned
- Utilize industry standard tools to track and manage cyber security projects
- Provide regular updates of projects to Stakeholders and the Senior Manager
- Coordinate cyber security projects using agile methodologies or techniques
- Engage with project team members and the wider Karingal and ensure effective communication
- Manage stakeholder expectations and relationships
- Perform scoping and risk assessments
- Develop systems with a focus on future proofing
- Identify opportunities for reducing costs and increasing the value
- Work collaboratively with the managers to identify opportunities for improvement
- Facilitate informed strategic debate, planning & decision making with the management team
- Provide high level strategic advice to the Senior Manager with supporting data and information
- Perform other job-related duties as assigned.
- Act in accordance with all Company policies & procedures.
EDUCATION
- Bachelor’s degree in IT or related field
- OR 3-5 years of Cyber Security experience, including IT Security Operations Engineering OR equivalent experience
MINIMUM REQUIREMENTS:
- Proficiency in Microsoft Office Products
- Ability to work independently, with limited required direction and guidance.
- Analytical and Problem-Solving Skills
- Knowledge of industry standards such as NIST CSF and 800 series, CIS20, COBIT, etc.
- Exceptional interpersonal, motivational and communication skills
- High standard of integrity and reliability
CORE COMPETENCIES
- Customer service & communication
- Customer Focus
- Self-Development
- Cultivates Innovation
- Decision Quality
- Accountability
Skill | Proficiency | Years Experience | Percent Used |
---|---|---|---|
Cyber Security | Any | 100% | |
DevSecOps | Any | 75% | |
Enterprise Security | Any | 75% | |
Information Security | Any | 75% | |
MS Active Directory | Any | 75% | |
MS Azure | Any | 75% | |
NIST | Any | 75% | |
Risk Analysis | Any | 75% | |
Security Engineer | Any | 75% | |
Ansible | Any | 50% | |
Chef | Any | 50% | |
IAM | Any | 50% | |
Risk Assessment | Any | 50% | |
SSL | Any | 50% | |
Vulnerability Management | Any | 50% | |
Agile Methodology | Any | 25% | |
AWS | Any | 25% | |
Bash | Any | 25% | |
Compliance | Any | 25% | |
DNS | Any | 25% | |
Firewall | Any | 25% | |
IDS | Any | 25% | |
IPS | Any | 25% | |
Java | Any | 25% | |
Linux | Any | 25% | |
Multi-factor Authentication | Any | 25% | |
Network Security | Any | 25% | |
Penetration Testing | Any | 25% | |
Python | Any | 25% | |
Routers | Any | 25% | |
Scripting | Any | 25% | |
SIEM | Any | 25% | |
Switches | Any | 25% | |
UNIX | Any | 25% | |
Windows | Any | 25% |