Information Security Engineer
The Intermediate Information Security Engineer is a hands-on team player who provides technical security guidance and leadership with the design, installation, operation, service, and maintenance of a variety of information systems. This individual understands IT Enterprise Architecture and works with other teams to ensure that security standards are created and implemented into project lifecycles. This role identifies security gaps, develops controls, determines functional and non-functional security requirements, and designs solutions that meet business objectives while complying with security standards to achieve Security-by-Design principles based on the needs of the business and organizational security requirements. This position reports directly to the Manager, Information Security and Compliance.
- Assist in developing and maintaining a robust security technology strategy designed to address risks associated with the cloud, data center, and enterprise environments
- Recommend, implement, configure, and maintain technical security solutions designed to protect information assets both on-prem and cloud-based
- Assist in designing and developing security solutions to protect Magic Leap’s cloud infrastructure and overall computing environment that involves various cloud-based applications and services
- Perform vulnerability assessments, security controls checks, and reporting
- Work with project and development teams to identify and define security requirements
- Keep abreast of security industry standards, technology changes, trends, and best practices to ensure public cloud and on-prem environments are properly secured, monitored, and documented
- Partner with Infrastructure and System Engineers to understand and document network control systems/equipment, network diagrams, firewall, and other security system configurations: Review and approve security infrastructure changes as required
- Participate in security incident response activities
- Providing feedback on new and existing security policies, procedures, and standards
- Provide subject matter expertise for architecture, planning, and roadmaps
- Support after hours and weekend change schedules as necessary.
- Assist with other security-related initiatives as they arise
Required Technical Skills:
- 5+ years cloud infrastructure operations or information security experience
- Strong application and infrastructure security experience (i.e., Anti-virus, firewalls, cryptographic management (PKI), network protocols, filtering, etc.).
- Experience with log management and SIEM solutions
- Experience and knowledge in cloud security monitoring tools e.g. Dome9, Evident.io, AWS Security Director, GCP Security Command Center, SumoLogic, ELK, Kibana, etc.
- Proficiency in scripting programming languages – e.g. Python, JSON, Ruby, Powershell
- Solid understanding of the following areas: system administration, IT support, risk management, and change management
- Expert knowledge of Infrastructure Security controls system administration, and business continuity planning and practices. Demonstrated experience with Network security control systems and technologies e.g. VPN gateways, layer 3-7 next-generation firewalls (Palo Alto, Juniper), IPS, ACLs, DLP, NAC, Wireless Systems,
- Strong experience with security tools used to identify security vulnerabilities (i.e. web, OS, infrastructure)
- Familiarity with legal, regulatory, and industry security requirements and frameworks. Including, but not limited to the following: International Organization for Standards (ISO/IEC 27001); Payment Card Industry - Data Security Standards (PCI - DSS); CIS Top 10; NIST Cyber Security Framework
- Team player who is able to work effectively at all levels of an organization with the ability to influence others to move toward consensus
- Customer-focused mindset, with demonstrated skill in managing expectations, providing proactive status updates, and producing high-quality work products
- Highly self-motivated, strong attention to detail, with strong analytical and problem-solving skills
- Strong verbal and written communication skills
- Strong interpersonal and conflict management skills
- Bachelor’s degree in Information Systems or related degree, or equivalent job experience
- At least one industry standard certification such as GIAC Security Essentials (GSEC), Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), or other security vendor certification
- All your information will be kept confidential according to Equal Employment Opportunities guidelines.