Senior Systems Security Engineer

The Senior Systems Security Engineer is responsible for designing and administering compute and network solutions. This position provides technical design, assistance and support related to desktop and server systems, hardware, or software. Responds to queries, runs diagnostic programs, isolates problem, and determines and implements solution. This position has a hybrid schedule (in-office/home) and reports to the Director of Information Security. Primary Responsibilities Operationalize the Cyber Security function by identification of critical information, threat analysis, vulnerability management, risk assessment and application of countermeasures Identify gaps in the IT and OT environment, and implement appropriate remediating / mitigating controls Define SOPs for operational security and implement controls / tools for data protection and risk management based on industry standards. Own and manage the information security efforts including data protection, risk management and compliance, and product security requirements. Triage cyber security incidents for violations of security standards and privacy principles. Collaborate with Compliance and IT team on internal security risk assessments and security audits; internal and third party for PCI DSS, GDPR, SOC, ISO27001 etc. Recommend or develop new detection logic and tune existing sensors / security controls. Coordinate and facilitate remediation of vulnerabilities identified via scanning, penetration testing, external audit and other relevant sources Coordinate the escalation and resolution of risk, and compliance issues with appropriate stakeholders. Develop incident analysis and findings reports for management, including gap identification and recommendations for improvement. Liaise with relevant parties to commission activities related to contingency planning, business continuity management, and IT disaster recovery. Collect, analyze, and prepare reports and metrices for management and other relevant stakeholders. Good analytical and problem-solving skills with ability to conduct rot cause analysis Excellent Communication skills and ability to interact and manage customer expectations Knowledge, Skills & Abilities Working experience of Linux and / or Windows operating systems Proficient in configuration, integration, implementation & testing of security controls in cloud environment using various tools and technologies (IAM, MFA, SSO, DLP systems, SIEM, SOAR, Secure Configurations, Network/application vulnerability scanners etc.) bility to code and understand Bash / PowerShell / Shell Scripting Understanding of OWASP vulnerabilities and common network/application/API attacks Knowledgeable in writing policies, procedures, and controls in one or more standards/frameworks. Knowledge and experience with privacy, and regulatory compliance standards such as NIST-800, SOC, GDPR, SOX etc. Motivated, self-started, ability to work in a fast-paced environment with good analytical skills bility to handle multiple competing priorities and work well under minimal supervision with attention to detail. Experience/Education 4+ years of IT experience with a focus on cyber security and compliance. Bachelor's degree in Computer Science, Information Systems, or related field. Experience in Microsoft Azure cloud infrastructure and security stack. Experience in implementing and configuring tools and platforms such as SOAR, SIEM, EDR, DLP and GRC Experience in conducting third party security assessments. Experience in scoping and implementing CSF, NIST-800 or similar security framework. CISSP, CISM, COMP TIA Security+, CEH, Azure security or other relevant security certifications. Experience with Data Center companies a plus ll qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender, identity, national origin, disability, or protected veteran status.

Created: 2024-11-05