Lead Security Engineer
Posted on Feb 23, 2021 by Request Technology - Craig Johnson
Prestigious Fortune 500 Company is currently seeking a Lead Security Engineer/SME. Candidate will be responsible for implementing, maintaining, monitoring, and managing secure solutions. The security engineer is responsible for recommending modifications and enhancements to ensure the organization is evolving with the threat landscape. It is important to recognize the senior nature of this role and the expectations regarding innovation, self-motivation, and initiative as they pertain to securing the environment. This role will partner and coordinate with other teams outside of security, and outputs from this role will generally be the result of complex analysis, research, and thoughtful innovation.
As an advanced skill set position, the Security Engineering Technical SME reports to the Cybersecurity Manager and frequently interacts with stakeholders from within and outside of the Information Technology discipline. The Security Engineering Technical SME is responsible for designing security solutions that protect the company but also allow business units to innovate and execute quickly. The Security Engineering Technical SME works closely with many diverse and dynamic teams, including, but not limited to, GRC, IT Infrastructure & Operations, application development, security operations, and business unit contacts. This position requires a significant level of analytical thinking to properly deliver outcomes and report on security findings.
Other key responsibilities include:
Participating in the design of solutions to secure E-commerce, business-to-business initiatives, third-party relationships, outsourced solutions, and vendors. Review proposed solutions for adherence to applicable security standards, controls, and policies.
Participates in the creation of Security Standards in a practical and consumable format. Ensures compliance with applicable security controls. Serves as the subject matter expert in ensuring security standards strike an appropriate balance between security and functionality.
Analyze the capabilities of threat actors and assess the current security posture against such threats. Make recommendations for ways in which certain technologies may have to be adjusted to further protect the business.
Review audit findings and collaboratively work with other teams within security and IT to come up with a balanced response strategy.
Present recommendations for review and validation at the Technical Assurance Group.
Conducting technology research for innovation, continuous improvement, and knowledge sharing for the Security Engineering space. Develops a subset of the technology strategy as a result of this research.
Teach, enable, and advocate for key Architecture and Engineering principles for implementation across the technical organization.
As an expert in specific technical tools, approaches, and platforms, the Security Engineering Technical SME will help drive the adoption of organizational change and maturity in the security space.
Drive innovation by means of identifying new solutions and integration of existing tools in new ways. Work to drive down technical debt, technology sprawl, and duplication of technologies.
Facilitate and direct appropriate Centers of Enablement including initiation, administration, and retirement.
Contribute to talent acquisition and upskilling in area of expertise.
The senior security engineer is expected to contribute to the corporate security strategy with security leadership and other senior security staffers and technologists. Recipients of the security engineer's implementations and management include GRC, IT Infrastructure & Operations, application development, security operations, and business unit contacts. With an emphasis on securing systems, applications, third-party connections, service providers, and ancillary systems, the security engineer is responsible for securing business-to-business initiatives, third-party relationships, outsourced solutions, and vendors. To be successful, this individual must fully understand the system life cycle/design and recognize where security input is required and/or valuable.
Bachelor's Degree in Computer Science (or a related field) or equivalent experience.
Previous experience in defining organization-wide processes and methodologies, a proven leadership/influence style, customer-service oriented demeanor, problem-solving, effective reporting via metrics and indicators, and strong communications are all essential to this function.
9+ years of IT Security Experience. Industry certifications are beneficial (e.g., CISSP, GSEC, etc.).
Highly technical and analytical expertise, with a proven deep background in technology design, implementation and delivery. This individual must be comfortable providing metrics, analysis, and quantitative/qualitative evidence when necessary to drive a security outcome.
Intermediate to advanced understanding of cybersecurity threat intelligence and how to integrate threat intelligence into existing processes.
Intermediate to advanced understanding of networking and network devices, such as routers, switches, load balancers, and associated protocols.
Broad understanding of Systems Security Engineering, NIST security domains, risk processes, and overall security architecture/design as it pertains to the engineering of trustworthy systems. Familiar with regulatory requirements and industry control frameworks such as PCI DSS, GDPR, ISO 27001/27002, NIST SP 800-53, and DoD CMMC.
Familiar with cloud technologies such as AWS, Azure, and GCP. Comfortable with a scripting language such as Python, PHP, or Ruby. Familiarity with SQL and SPL.
Familiar with Microsoft Windows, macOS, and other enterprise-grade operating systems such as Red Hat Enterprise Linux, Windows Server, and SUSE Linux.
Extensive knowledge of traditional security controls and technologies, such as Security Information and Event Management (SIEM) systems, intrusion detection/prevention systems (IDS/IPS), public key infrastructure (PKI), identity and access management (IDAM) systems, antivirus, and firewalls. Deep familiarity with newer technologies/offerings such as endpoint detection and response (EDR), threat intelligence platforms, security automation and orchestration (SOAR), deception technologies, and application security controls is highly valuable and will ensure the candidate holistically approaches enterprise security opportunities.