Senior Cyber Risk Engineer
Posted on Apr 26, 2021 by Request Technology - Robyn Honquest
Senior Cyber Risk Engineer
Salary: $150k to $160k Flex plus 20% bonus
This is all about risk to the monitoring systems and authorization process in Splunk logging system. You will conduct data analysis to identify enterprise cyber risk information, cyber risk decisions based analysis, cybersecurity assurance control testing and implementing interfaces between tools and solutions. You will be developing alerts and dashboards. Must understand data MDM cloud security structured and unstructured database encryption SIEM Logs Python Scripting Risk GRC NIST 800-53, PCI-DSS HIPAA
Senior Cyber Risk Engineer - Automated Controls Testing
This individual will be primarily focused on continuous development and implementation of Cyber Risk Assurance Automation initiative. This includes implementing interfaces between tools and solutions, designing technical control tests and success criteria, developing alerts and dashboards, and maintaining existing architecture and infrastructure. The person in this role will contribute to the execution of strategic information security architecture to enable effective business operations, manage enterprise risk, and address business or regulatory issues.
How you will make an impact:
Partners with cybersecurity and technology subject matter experts to design control tests that assess the effectiveness of cybersecurity capabilities.
Implements technical interfaces between tools and solutions to automate designed control tests.
Produces timely and effective alerts, dashboards, and metrics to support the results of automated control testing.
Maintains and performs continuous improvement initiatives to existing automated control testing processes, architecture, and infrastructure.
Serves as a cybersecurity subject matter expert, assessing the business impact of cybersecurity risks to the enterprise and identifying options and recommendations for mitigating those risks.
Provides guidance on effectively managing the risk of ineffective capabilities, and influences decision making by educating business stakeholders on the risk.
Works closely with other members of the Cyber Risk team to lead changes in the organization's defense posture.
8+ years of experience in Information Security or a related field.
A complete or working understanding of information security technology solutions including advanced malware detection/prevention, mobile device virtualization/MDM, cloud security management, structured and unstructured database encryption, mobile application and remote API security, fine-grained application authorization and access control, security event visualization, big data user and entity behavior analytics, SIEM, active adversary deception, and others.
Knowledge of laws, regulations, and standards, including NIST 800-53, PCI-DSS, HIPAA, and others, and experience in performing control assessments associated with these frameworks.
Relevant security certifications (CISSP, CISM, SSCP, GMON).
Proficiency with at least one interpreted programming language (Python, Ruby, etc).
Proven ability to effectively communicate findings and mitigation strategies to stakeholders and develop comprehensive and accurate reports and presentations for both technical and executive audiences.
Teamwork and ability to promote a working environment that increases collaboration, predictability, transparency and promotes a culture of experimentation, innovation, and taking risks.
Ability to clearly present complex/security subjects and findings to technical staff and management.
Exceptional technical writing skills including documentation development, process mapping, and visualization.
Effective and consistent collaboration through available mediums that enable remote team communication.
Ability to work effectively in a diverse team and promote team diversity.