Cybersecurity Engineer 442559

Job Description:

• The Cybersecurity engineer is responsible for facilitating security efforts between the Cybersecurity Organization and the development teams creating services on the data platform. 
• Security Engineers will help development teams identify security gaps in their applications and services and assist in coming up with solutions to close those gaps and make services compliant to enterprise security requirements.

Typical Day in the Role

• Maintain current knowledge on existing security procedures, directives and technology controls including application testing, threat modeling, attack and penetration testing, data classification and data handling 
• Participate in industry working groups and provide insights to product development teams on leading architecture, design, and security practices 
• Understand security requirements and risk tolerance baselines 
• Keep development teams accountable to metrics measuring risk 
• Track existing risk statements and work with risk owners to close gaps.

Requirements

Technical Skills 

• Experience with relevant industry standards, such as:
  • ISO 27001, 27002
  • NIST CSF o NIST 800-82
  • ISA 62443
  • SOC Reporting 
• Experience with a wide variety of information security processes and principles, such as: Enterprise security architecture; Threat model development; Vulnerability assessment; Risk analysis; Defense in depth; SDLC and product development processes o Identity and access management; Business process design.

Engineers must have the following:

• 3-5 years of CyberSecurity experience
• Familiarity with Web Application Security standards (OWASP, MITRE)
• Experience with application security technologies including SCA/SAST/DAST and the ability to identify false positives and assist with remediation planning• Previous experience integrating security tools in CI/CD development pipelines

Preferred candidates should have: 

• 5+ years Cybersecurity experience
• Professional certification (CISSP, CCSP, GWAPT, GWEB, AWS SA / Certified Security, etc.)
• 1-3 years working directly with Cloud Infrastructure as code (CFT, TF) in AWS• Familiarity with ServiceNow VM and GRC modules
• Development of automation and scripting 8-10 years’ experience
• Web services security Desired: Professional information security certification (CISSP, CCSP, CSSLP, GISCP, GWAPT, GWEB etc.); Strong understanding and experience with information security technologies

Interaction with team: 

• Responsible for facilitating security efforts between the Cybersecurity Organization and the development teams creating services on the data platform. 
• Security Engineers will help development teams identify security gaps in their applications and services and assist in coming up with solutions to close those gaps and make services compliant to enterprise security requirements.

Education & Experience Required: 

• Bachelor’s degree in Computer Science or a related field 
• 8 or more years in information security