Senior Information Security Engineer
The Phoenix Group - New York City, NY
Job Description

This range is provided by The Phoenix Group. Your actual pay will be based on your skills and experience - talk with your recruiter to learn more.

Base pay range: $150,000.00/yr - $175,000.00/yr
Additional compensation types: Annual Bonus

Position Overview

Our client, a global asset management firm, is seeking an experienced Senior Information Security Engineer to join their security team. Reporting directly to the Chief Information Security Officer (CISO), this role will work closely with IT Infrastructure, Operations, and Network Engineering teams to ensure the security, compliance, and resilience of the firm's IT environment. This is a hands-on technical role requiring deep expertise in security operations, threat intelligence, incident response, and risk mitigation.

Key Responsibilities

Act as the primary incident response lead, managing detection, analysis, containment, eradication, and recovery from security incidents.
Conduct forensic investigations and root cause analysis on security breaches.
Maintain and enhance SIEM solutions (Splunk, QRadar, etc.), correlating logs for threat detection and response.
Perform and review vulnerability scans (Nexpose, Qualys, Tenable) and coordinate remediation efforts with IT teams.
Utilize threat intelligence feeds (MITRE ATT&CK, STIX/TAXII) to proactively identify and mitigate security risks.
Lead penetration testing engagements, coordinating external assessments and internal red team exercises.
Oversee IAM solutions (Okta, Azure AD, CyberArk), enforcing zero-trust principles and least privilege access controls.
Conduct periodic access reviews and enforce compliance with SOX and SSAE-18 requirements.
Collaborate with Network Engineering to configure and audit firewall rules (Palo Alto, Fortinet, Cisco ASA) and network segmentation strategies.
Deploy and monitor EDR/XDR solutions (CrowdStrike, SentinelOne, Microsoft Defender ATP) to mitigate endpoint threats.
Assess security controls for cloud environments (AWS, Azure, GCP) and implement CIS benchmarks and NIST 800-53 controls.
Automate security compliance and hardening via IaC tools (Terraform, Ansible, CloudFormation).
Maintain and update security policies, standards, and procedures aligned with ISO 27001, NIST CSF, and CIS controls.
Lead security awareness training, phishing simulations, and tabletop exercises.
Manage third-party vendor risk assessments for cybersecurity compliance.
Prepare security KPIs, dashboards, and executive reports for senior management and board-level presentations.

Required Qualifications & Experience

Bachelor's degree in Computer Science, Cybersecurity, or a related field.
10+ years of experience in Information Security, Cybersecurity, Security Engineering, or Risk Assessment.
Expertise in firewall configurations, SIEM solutions, network security, and incident response.
Strong experience in IAM, PAM, vulnerability scanning, and penetration testing.
Proficiency with forensics tools (Volatility, Autopsy, Wireshark) and threat intelligence platforms.
Certifications: CISSP, CISM, CISA, CRISC, or equivalent.
Experience with regulatory frameworks such as ISO 27001, NIST 800-53, SOX, and SSAE-18.
Hands-on experience with PowerShell, Python, Bash, or automation tools for security operations.
Strong verbal and written communication skills, with the ability to present to executive leadership.
Financial industry experience is a plus, but not required.

This role is ideal for a highly technical security professional who thrives in a fast-paced, regulated environment and enjoys working with cross-functional teams to enhance the security posture of an enterprise. Apply now to be a key player in safeguarding a global financial institution.

Seniority level: Mid-Senior level
Employment type: Full-time
Job function: Information Technology
Created: 2025-02-09