**Principal Engineer Security Services**
The Principal Engineer Security Services will play a crucial role in ensuring the ongoing security and protection of our company's information assets. They will be responsible for designing, developing, and overseeing the implementation of cybersecurity solutions to safeguard our systems, networks, and data. The Principal Engineer Security Services manages day-to-day security operations, participates in compliance and audit activities, and will establish and maintain effective security measures. This position requires a strong technical background, exceptional problem-solving skills, and a thorough understanding of security best practices.
Responsibilities:
Cybersecurity Strategy and Architecture:
- Architect, design, recommend, implement, and maintain security controls, countermeasures, and procedures in acquisition, development, business processes, and change management lifecycle of information systems; provide oversight to ensure compliance
- Develop and document security policies and processes based on common information security management frameworks (ISO 27001, SOC2)
- Lead the development of the organization's cybersecurity strategy and provide expertise in creating a secure architecture for IT systems and networks
- Collaborate with cross-functional teams to ensure cybersecurity measures align with business goals and regulatory requirements
Security Operations and Incident Response:
- Oversee security operations, including threat monitoring, detection, and incident response
- Develop and maintain an incident response plan, including procedures for handling security incidents, communication protocols, and post-incident analysis
- Monitor information systems for security incidents and vulnerabilities
- Administer and mature Data Loss Prevention and Information Protection policies and solutions
- Oversee the response to information system security incidents, including investigation of, countermeasures to, and recovery from computer-based attacks, unauthorized access, and policy breaches
- Lead and coordinate incident response efforts to contain, investigate, and mitigate cybersecurity incidents effectively
Vulnerability Management:
- Develop and manage vulnerability assessment and penetration testing programs to identify and remediate security vulnerabilities in a timely manner
- Track and report on the status of vulnerability remediation efforts
- Consult with internal development teams to anticipate threats, advise on defensive coding strategies and remediate vulnerabilities in software
- Proactively anticipate and assess potential items of risk and opportunities of vulnerabilities in the network and systems
- Manage security information and event management (SIEM) systems, analyze logs, and detect potential security breaches
Security Compliance and Auditing:
- Mature and maintain Information Security Management System (ISMS) and further develop security policies, standards and procedures in support of ISO 27001 certification
- Participate in internal and external security audits and risk assessments/reviews, including third-party software, service providers, customers, partner, and vendor audits
- Conduct regular internal security reviews and risk assessments, identify gaps, and recommend appropriate corrective actions
Security Awareness and Training:
- Promote a culture of security awareness across the organization through the development and implementation of regular training programs, awareness campaigns, and communication initiatives
- Provide technical information to systems engineering programs, team members and managers to ensure awareness and compliance with industry standard security best practices
- Provide guidance and training to employees on security best practices, policies, and procedures
Emerging Technologies and Threat Intelligence:
- Monitor industry trends, technologies, threat intelligence, and vulnerability disclosures to stay informed about new vulnerabilities and emerging threats; educate stakeholders and provide recommendations on integration into the organization's security strategy
Security Documentation and Reporting:
- Prepare and maintain accurate and up-to-date security documentation, including policies, procedures, standards, controls, and guidelines
- Prepare regular reports for management on the state of cybersecurity, including risk assessments and key performance indicators (KPIs)
- Develop and deliver clear, concise, and actionable vulnerability reports and recommendations to various stakeholders, including executive leadership, IT, and development teams
Requirements:
- Bachelor's degree in Computer Science, Information Security, or a related field
- 5+ years of experience in IT with a focus on IT security
- Proven experience in information security engineering/administration roles, with a focus on security operations and incident response
- Deep knowledge and experience with cloud security principles
-
