Sr Cyber security Engineer

EXPERIENCE:

Minimum of 10 years of experience in Network Security, IT Security, or Cyber Security

Experience using Security Incident and Event Management (SIEM) tools, as well as capture tools such as Wireshark

Expertise in application of regulatory requirements such as California Consumer Privacy Act (CCPA), General Data Protection Regulation (GDPR), HIPPA, SOX IT GCC, FCC

TECHNICAL ABILITY:

• Solid understanding of generally applicable and accepted auditing standards and framework (e.g NIST, COBIT) and best practices for IT services management (e.g., ITIL), government guidelines and laws (e.g. Sarbanes Oxley)
• Solid understanding of network and systems security, system and network configuration, and application security, Scripting Language Python, Powershell
  
  Experience with one or more of the following cyber security domain areas:

Data level encryption, key management systems, web certifications, Incident response and management, application awareness, identity awareness, identity and access management, data handling and classification, web application firewalls, next gen firewalls, network zoning and segmentation, cyber resiliency, secure coding, fraud investigation and response, multi-factor authentication, identity and access management, DLP, forensics, BCP/DR, security within SDLC

ESSENTIAL RESPONSIBILITIES AND PRINCIPAL ACCOUNTABILITIES
Denotes "essential functions" in accordance with the guidelines of The Americans with Disabilities Act.

The essential functions of this position include, but are not necessarily limited to, those specifically identified in this description. The position and its essential functions may change over time and these changes may not necessarily be reflected in the position description. The Company may, at its sole discretion, add to, change, or expand the essential or marginal functions of the position. We will consider for employment qualified applicants with criminal histories as required by local ordinance.

• Develop repeatable application security architectures working with internal and external partners
• Contribute to the development of an Agile methodology architecture and ensure that security practices are being implemented in a repeatable fashion
• Evaluate risk and protect applications against new and emerging threats/threat actors
• Document and diagram administrative / technical controls for systems and architectures
• Integrate security within the various cloud service models (e.g., IaaS, PaaS, SaaS). Able to identify the appropriate security solutions for various cloud implementations
• Perform as a subject matter expert and contribute to the development of company security standards and procedures
• Lead efforts that document and present risks and security issues that could impact the confidentiality, integrity and/or availability of the business (both internally and externally.
• Incident Response: Endpoint Detection and Response EDR
• Performs threat hunting and shares current threat information
• Performs vulnerability validation: Security Scanners, CVE, CVSS
• Extracts threat intelligence through boundary defense: Firewall (architecture, configuration, objects, accounts, and rules review) and Web Security
• Performs host and network forensics (Log Events, PCAPs Indicators of Compromise (IOC's)
  
  Actively participates in annual cyber exercises (Identification, Response, Recovery
  
  Bachelor's degree in Information/Cyber Security, Information Risk, Information Risk Management, Information Systems, Computer Science, Information Management, or related discipline strongly preferred.
  
  CERTIFICATIONS: At least one existing certification in the following, which must be currently maintained and valid:

• Applicable security certifications desired; CISSP, CCSP, CISA, CISM, CRISC, CEH, or advanced degree in InfoSec
• Microsoft Certified Professional/Security Engineer (MCP, MCSE)