Senior Cyber Risk Engineer
Posted on Mar 29, 2021 by Request Technology
*We are unable to sponsor as this is a permanent full time role*
A prestigious company is on the search for a Senior Cyber Risk Engineer. This position is all about risk to the monitoring systems and authorization process in Splunk logging system. They will conduct data analysis to identify enterprise cyber risk and information cyber risk decisions based off the analysis. This engineer will implementing interfaces between tools and solutions, designing technical control tests and success criteria, developing alerts and dashboards, and maintaining existing architecture and infrastructure. They must understand MDM, Cloud Security structured and unstructured database, SIEM Logs, and have python Scripting experience.
- This includes implementing interfaces between tools and solutions, designing technical control tests and success criteria, developing alerts and dashboards, and maintaining existing architecture and infrastructure.
- The person in this role will contribute to the execution of strategic information security architecture to enable effective business operations, manage enterprise risk, and address business or regulatory issues.
- Partners with cybersecurity and technology subject matter experts to design control tests that assess the effectiveness of cybersecurity capabilities.
- Implements technical interfaces between tools and solutions to automate designed control tests.
- Produces timely and effective alerts, dashboards, and metrics to support the results of automated control testing.
- Maintains and performs continuous improvement initiatives to existing automated control testing processes, architecture, and infrastructure.
- Serves as a cybersecurity subject matter expert, assessing the business impact of cybersecurity risks to the enterprise and identifying options and recommendations for mitigating those risks.
- Provides guidance on effectively managing the risk of ineffective capabilities, and influences decision making by educating business stakeholders on the risk.
- Works closely with other members of the Cyber Risk team to lead changes in the organization's defense posture.
- 8+ years of experience in Information Security or a related field.
- A complete or working understanding of information security technology solutions including advanced malware detection/prevention, mobile device virtualization/MDM, cloud security management, structured and unstructured database encryption, mobile application and remote API security, fine-grained application authorization and access control, security event visualization, big data user and entity behavior analytics, SIEM, active adversary deception, and others.
- Knowledge of laws, regulations, and standards, including NIST 800-53, PCI-DSS, HIPAA, and others, and experience in performing control assessments associated with these frameworks.
- Relevant security certifications (CISSP, CISM, SSCP, GMON).
- Proficiency with at least one interpreted programming language (Python, Ruby, etc).
- Proven ability to effectively communicate findings and mitigation strategies to stakeholders and develop comprehensive and accurate reports and presentations for both technical and executive audiences.
- Teamwork and ability to promote a working environment that increases collaboration, predictability, transparency and promotes a culture of experimentation, innovation, and taking risks.
- Ability to clearly present complex/security subjects and findings to technical staff and management.
- Exceptional technical writing skills including documentation development, process mapping, and visualization.
- Effective and consistent collaboration through available mediums that enable remote team communication.
- Ability to work effectively in a diverse team and promote team diversity.