Cyber security engineer

General Description

Applies skills as an experienced professional to ensure the security of enterprises. Recommends methods and techniques to achieve optimal results and helps establish a culture of security across the organization. Supports the achievement of compliance and regulatory goals that are based on the high level of security built into our products. Creates processes to support high quality security-operations, with real-time monitoring of security and compliance in corporate environments with a global user community. The incumbent will need to be highly knowledgeable of the concepts of security, compliance, and assessment as well as have the technical ability to converse with software engineers about their plans and security concerns.

Essential Duties and Responsibilities

• Design, implement, and optimize the SIEM system, including the integration of data sources, correlation rules, dashboards, reports, and alerts.
• Monitor and troubleshoot the performance, availability, and security of the SIEM system.
• Develop and update the SIEM documentation, procedures, and training materials.
• Serve as the subject matter expert (SME) for SIEM & EDR/XDR, solutions within the organization.
• Design, configure, and manage security tools and technologies to detect and mitigate threats, ensuring optimal tuning and integration of SIEM, EDR/XDR technologies.
• Continuously monitor security systems for anomalies and potential security incidents, initiating response protocols and mitigating threats in real time.
• Develop, implement, and maintain comprehensive security policies, procedures, and controls that align with industry best practices and regulatory requirements.
• Conduct thorough security assessments, audits, and penetration testing to identify and address vulnerabilities, enhancing the security posture of the organization.
• Collaborate with IT, network, and development teams to ensure the integration of security considerations in the infrastructure and across the software development lifecycle.
• Provide expert advice and guidance to project teams regarding the selection and implementation of appropriate security technologies.
• Support incident response activities, including forensic analysis and remediation efforts, to minimize impact from security breaches.
• Provide security requirements analysis of enterprise and cloud architectures and designs.
• Identify technical gaps, provide solution recommendations for service acquisitions, development, migration, implementation, and performance, and participate in the activities.
• Explain security controls, requirements, and guidance to security management.
• Aligns security deliverables with legal, regulatory, and contractual requirements that conform with security framework and standards such as NIST SP 800-53 rev 4, NIST-CSF, PCI-DSS, among others.
• Reports on findings and recommendations for corrective action.
• Performs SecOps related assessments as assigned utilizing security tools and methodologies.
• Identifies opportunities to reduce risk and documents remediation options regarding acceptance or mitigation of security related scenarios.
• Maintains oversight vendors regarding the security maintenance of their systems and applications.
• Assist in all Cybersecurity audits, risk assessments and regulatory compliance.
• Serve as SME within security projects and perform security operational defined processes.
• Promote awareness of applicable regulatory standards, upstream risks, and industry best practices across the company.
• Address questions from internal and external audits and examinations.
• Create concise and comprehensive reports related to security violations, including recommendations for addressing any identified control weaknesses.
• Participate in pre-defined capacitation training defined by the unit.

Education

Bachelor's Degree in Computer Engineering or Computer Science

Bachelor's Degree from an accredited University/College in Information Systems or related fields

Full bilingual

Experience

8+ years of experience in Security Engineering with SIEM, EDR/XDR, Firewall and WAF technologies.

Certifications / Licenses

CEH, Security+, CISSP

Knowledge, Skills and Abilities (KSA's)

• Strong business acumen: ability to understand the needs and concerns of business stakeholders and colleagues and respond promptly and effectively to stakeholder requests. Ability to conduct analysis on work procedures, business results and recommends changes to improve the effectiveness of the business's management.
• Strong technical acumen: knowledge of Information Security and Information Technology concepts. Ability to write technical instructions using programs and technology. Robust knowledge of applicable local and federal laws, regulations, and guidelines.
• Communication skills: effectively interact with internal and external stakeholders. Ability to foster trusting relationships with colleagues and clients. Highly develop written and verbal communications skills, strong ability to communicate ideas (storytelling). Presents numerical data effectively. Superior communication and interpersonal skills. Excellent report-writing and presentation skills. Polished in preparing presentations, summaries, and reports for all audiences.
• Analytical skills: Stays focused on main issues, prevents irrelevant issues or distractions from interfering with timely completion of assignments. Collects, research and complements data; Synthesizes complex or diverse information. Demonstrates attention to detail; Applies design principles; Generate creative solutions. Strong quantitative, research and analytical skills. Experience with data analysis, persuasive and informative writing, workload management, and process management.

• Problem Solving: Identifies and resolves problems in a timely manner; Develops alternative solutions.
• Project Management: Ability to prioritize and work with multiple projects and tasks with minimum supervision; self-direct and task switch between strategic and tactical initiatives regularly. Capacity to achieve results according to plan ensuring the expected quality. Excellent organization capacity to define priorities, meet deadlines, and flexible to change. Knowledge on project coordination, identification of business needs, work plan, budget control, time management, resource allocation, team management and status reports. Must demonstrate leadership, logic, and reasoning skills.
• Operational/Regulations Processes: Knowledge on budget administration, resources allocation, organizations policies, and regulations. Ability to establish, conduct and track operational processes properly.
• Computer and Technological Skills: Proficient in MS Office 365. Experience with data management tools such as Power Pivot, Power BI, among others is desired. Ability to achieve results by providing innovative ways of working with operational and technological considerations. Knowledge of computer flow charts and programming logic and codes.

Region Locations

Colombia

Work Schedule

Remoto oficina Bogotá debe ir por equipo