Sr Security Engineer (Data Protection)
Hershey, PA, US
The Hershey Company
Here at Hershey, our purpose is to make more moments of goodness for consumers around the world.Location: Hershey, PA
This position can sit remote.
Position Overview
As a Senior Security Engineer for The Hershey Company, you will design and build a defensible network to minimize cyber risk to the company’s vision to become a leading snacking powerhouse. The team has three major service categories. The first is infrastructure protection, which designs and builds solutions and standards that protect enterprise systems from cyber threats. The second is analytic engineering, which designs and builds solutions that support threat intelligence, detection, investigation, and response to cyber threats. The third is data protection, which designs and builds solutions that classify, detect, and prevent sensitive data disclosure.
The primary focus of this role will be building Hershey's Data Protection service.
Responsibilities
- Work with leadership, customers, and stakeholders in both IT and Information Security to develop requirements based on a changing threat landscape and new digital capabilities.
- Design security solutions that mitigate or reduce cyber risk that is identified via assessments, consultations, and incident response.
- Ideate, initiate, plan, execute, and close security projects in coordination with project management and project resources.
- Implement new security solutions that are prioritized for their effectiveness at reducing cyber risk.
- Implement continuous control monitoring to automate detection and remediation of control deficiencies
- Transition solutions to operational teams for sustained service delivery.
- Research, assess, and continuously improve security solutions to ensure they are maturing and adapting according to the evolving threat landscape and evolving business requirements.
- Write standards, guidelines, processes, and procedures to optimize service delivery and enable our partners to build and operate secure IT solutions.
- Consult with IT and internal and external business partners to ensure that security is factored in the evaluation, selection, installation and configuration process of hardware and software.
Summary of Major Duties
- 30% - Research, assess, and continuously improve security solutions.
- 30% - Consult with customers and partners to understand requirements and enable them to design, build, and secure technical solutions securely.
- 30% - Develop requirements, design, and build security solutions.
- 5% - Write standards, guidelines, processes, and procedures.
- 5% - Collaborate with security administrators to ensure sustained service delivery.
Minimum Education and Experience Requirements:
- Bachelor’s degree in computer science, cybersecurity or a related field
- 3-5 years of experience in cybersecurity, especially in a security engineering role
- The ideal candidate will maintain one or more of the following certifications, though they are not required: GSE, GDSA, GCIA, GCIH, GSEC, GCDA, CISSP
- Technical expertise in 2+ security domains between endpoint security, network security, email and web security, data security, identity security, cloud, containers, Operational Technology (OT), vulnerability and configuration management, threat intelligence management, security automation, and security incident and event management (SIEM).
- Full-stack knowledge of IT infrastructure including applications, databases, operating systems, hypervisors, IP networks, storage networks, and backup media.
- Experience with enterprise technology platform implementations.
- Strong working knowledge of IT service management, including change management, configuration management, asset management, incident management, and problem management.
- Proficiency with at least one scripting language (e.g., Python, PowerShell)
- Strong knowledge of common vulnerabilities and exploitation techniques
- Understands business needs and has a commitment to delivering high-quality, prompt and efficient service to the business
- Understands organizational mission, values, and goals and consistently applies this knowledge
- Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
- An ability to effectively influence others to modify their opinions, plans, or behaviors
- Self-motivated and possessing of a high sense of urgency and personal integrity
Position Overview
As a Senior Security Engineer for The Hershey Company, you will design and build a defensible network to minimize cyber risk to the company’s vision to become a leading snacking powerhouse. The team has three major service categories. The first is infrastructure protection, which designs and builds solutions and standards that protect enterprise systems from cyber threats. The second is analytic engineering, which designs and builds solutions that support threat intelligence, detection, investigation, and response to cyber threats. The third is data protection, which designs and builds solutions that classify, detect, and prevent sensitive data disclosure.
The primary focus of this role will be building Hershey's Data Protection service.
Responsibilities
- Work with leadership, customers, and stakeholders in both IT and Information Security to develop requirements based on a changing threat landscape and new digital capabilities.
- Design security solutions that mitigate or reduce cyber risk that is identified via assessments, consultations, and incident response.
- Ideate, initiate, plan, execute, and close security projects in coordination with project management and project resources.
- Implement new security solutions that are prioritized for their effectiveness at reducing cyber risk.
- Implement continuous control monitoring to automate detection and remediation of control deficiencies
- Transition solutions to operational teams for sustained service delivery.
- Research, assess, and continuously improve security solutions to ensure they are maturing and adapting according to the evolving threat landscape and evolving business requirements.
- Write standards, guidelines, processes, and procedures to optimize service delivery and enable our partners to build and operate secure IT solutions.
- Consult with IT and internal and external business partners to ensure that security is factored in the evaluation, selection, installation and configuration process of hardware and software.
Summary of Major Duties
- 30% - Research, assess, and continuously improve security solutions.
- 30% - Consult with customers and partners to understand requirements and enable them to design, build, and secure technical solutions securely.
- 30% - Develop requirements, design, and build security solutions.
- 5% - Write standards, guidelines, processes, and procedures.
- 5% - Collaborate with security administrators to ensure sustained service delivery.
Minimum Education and Experience Requirements:
- Bachelor’s degree in computer science, cybersecurity or a related field
- 3-5 years of experience in cybersecurity, especially in a security engineering role
- The ideal candidate will maintain one or more of the following certifications, though they are not required: GSE, GDSA, GCIA, GCIH, GSEC, GCDA, CISSP
- Technical expertise in 2+ security domains between endpoint security, network security, email and web security, data security, identity security, cloud, containers, Operational Technology (OT), vulnerability and configuration management, threat intelligence management, security automation, and security incident and event management (SIEM).
- Full-stack knowledge of IT infrastructure including applications, databases, operating systems, hypervisors, IP networks, storage networks, and backup media.
- Experience with enterprise technology platform implementations.
- Strong working knowledge of IT service management, including change management, configuration management, asset management, incident management, and problem management.
- Proficiency with at least one scripting language (e.g., Python, PowerShell)
- Strong knowledge of common vulnerabilities and exploitation techniques
- Understands business needs and has a commitment to delivering high-quality, prompt and efficient service to the business
- Understands organizational mission, values, and goals and consistently applies this knowledge
- Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
- An ability to effectively influence others to modify their opinions, plans, or behaviors
- Self-motivated and possessing of a high sense of urgency and personal integrity
#LI-SM1
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Automation CISSP Cloud Computer Science Endpoint security Full stack GCIA GCIH GSEC Incident response IT infrastructure Monitoring Network security PowerShell Python Scripting SIEM Threat intelligence Vulnerabilities
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Senior Cybersecurity Engineer jobs
- Open Security Operations Engineer jobs
- Open Cloud Security Architect jobs
- Open Information Security Officer jobs
- Open Principal Security Engineer jobs
- Open Information Security Specialist jobs
- Open Senior Cyber Security Engineer jobs
- Open Chief Information Security Officer jobs
- Open IT Security Engineer jobs
- Open Senior Penetration Tester jobs
- Open Cyber Security Architect jobs
- Open Senior Product Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Senior Network Security Engineer jobs
- Open Staff Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open Security Specialist jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Security Consultant jobs
- Open Security Operations Analyst jobs
- Open Senior Information Security Analyst jobs
- Open IT Security Analyst jobs
- Open Senior Information Security Engineer jobs
- Open Information System Security Officer jobs
- Open Information System Security Officer (ISSO) jobs
- Open Agile-related jobs
- Open Risk assessment-related jobs
- Open CISA-related jobs
- Open Analytics-related jobs
- Open SOC-related jobs
- Open Network security-related jobs
- Open ISO 27001-related jobs
- Open GCP-related jobs
- Open IAM-related jobs
- Open Application security-related jobs
- Open Pentesting-related jobs
- Open Threat intelligence-related jobs
- Open Vulnerability management-related jobs
- Open DevOps-related jobs
- Open DoD-related jobs
- Open CEH-related jobs
- Open APIs-related jobs
- Open Security Clearance-related jobs
- Open Malware-related jobs
- Open SaaS-related jobs
- Open Security assessment-related jobs
- Open Java-related jobs
- Open Kubernetes-related jobs
- Open EDR-related jobs
- Open TS/SCI-related jobs