SME Security Engineer
Posted on Apr 6, 2021 by Request Technology
Remote work is possible for this position.
A prestigious Fortune 500 company is on the search for a SME Security Engineer. This SME will be presiding over engineering, infrastructure, cloud operations, applications, and SIEM products. This SME needs to have extensive knowledge of traditional security controls and technologies, such as Security Information and Event Management (SIEM) systems, intrusion detection/prevention systems (IDS/IPS), public key infrastructure (PKI), identity and access management (IDAM) systems, antivirus, and firewalls. This person needs to have a broad and deep understanding of everything to do with security and must be from a large enterprise environment.
- Participate in the design of solutions to secure e-commerce, business-to-business initiatives, third-party relationships, outsourced solutions, and vendors. Review proposed solutions for adherence to applicable security standards, controls, and policies.
- Participate in the creation of security standards in a practical and consumable format. Ensure compliance with applicable security controls. Serve as the subject matter expert in ensuring security standards strike an appropriate balance between security and functionality.
- Analyze the capabilities of threat actors and assess the current security posture against such threats. Make recommendations for ways in which certain technologies may have to be adjusted to further protect the business.
- Review audit findings and collaboratively work with other teams within security and IT to come up with a balanced response strategy.
- Present recommendations for review and validation at the Technical Assurance Group.
- Conduct technology research for innovation, continuous improvement, and knowledge sharing for the Security Engineering space. Develop a subset of the technology strategy as a result of this research.
- Teach, enable, and advocate for key Architecture and Engineering principles for implementation across the technical organization.
- As an expert in specific technical tools, approaches, and platforms, the Security Engineering Technical SME will help drive the adoption of organizational change and maturity in the security space.
- Drive innovation by means of identifying new solutions and integration of existing tools in new ways. Work to drive down technical debt, technology sprawl, and duplication of technologies.
- Facilitate and direct appropriate Centers of Enablement including initiation, administration, and retirement.
- Contribute to talent acquisition and upskilling in area of expertise.
- Bachelor's Degree in Computer Science (related) or equivalent experience.
- Previous experience in defining organization-wide processes and methodologies, a proven leadership/influence style, customer-service oriented demeanor, problem-solving, effective reporting via metrics and indicators, and strong communications are all essential to this function.
- 9+ years of IT security experience. Industry certifications are beneficial (e.g., CISSP, GSEC, etc.).
- Highly technical and analytical expertise, with a proven deep background in technology design, implementation and delivery. This individual must be comfortable providing metrics, analysis, and quantitative/qualitative evidence when necessary to drive a security outcome.
- Intermediate to advanced understanding of Cybersecurity threat intelligence and how to integrate threat intelligence into existing processes.
- Intermediate to advanced understanding of networking and network devices, such as routers, switches, load balancers, and associated protocols.
- Broad understanding of Systems Security Engineering, NIST security domains, risk processes, and overall security architecture/design as it pertains to the engineering of trustworthy systems. Familiar with regulatory requirements and industry control frameworks such as PCI DSS, GDPR, ISO 27001/27002, NIST SP 800-53, and DoD CMMC.
- Familiar with cloud technologies such as AWS, Azure, and GCP. Comfortable with a scripting language such as Python, PHP, or Ruby. Familiarity with SQL and SPL.
- Familiar with Microsoft Windows, macOS, and other enterprise-grade operating systems such as Red Hat Enterprise Linux, Windows Server, and SUSE Linux.
- Extensive knowledge of traditional security controls and technologies, such as Security Information and Event Management (SIEM) systems, intrusion detection/prevention systems (IDS/IPS), public key infrastructure (PKI), identity and access management (IDAM) systems, antivirus, and firewalls. Deep familiarity with newer technologies/offerings such as endpoint detection and response (EDR), threat intelligence platforms, security automation and orchestration (SOAR), deception technologies, and application security controls is highly valuable and will ensure the candidate holistically approaches enterprise security opportunities.
- The Senior Security Engineer will engage with Engineering leaders, Architects, Administrators, Engineers, Project and Program managers to educate, coach, advise and improve the skills of people across the organization.
- Usually functions with a high level of autonomy; requires occasional guidance.
- Requires a high level of initiative. Provides technical guidance and consultation.
- Instrumental participant of Communities of Practice and Centers of Enablement.
- Informs better decision making at all levels of the technology organization.
- Demonstrated experience with geographically distributed teams in a matrixed environment.