The enterprise Senior Cybersecurity Engineer plays an integral role in defining and assessing the organization’s security strategy, architecture, and practices. The enterprise security architect will be required to effectively translate business objectives and risk management strategies into specific security processes enabled by security technologies and services.
Senior Cybersecurity Engineer Duties and Responsibilities:
- Develop and maintain an enterprise cybersecurity program that enables the enterprise to maintain the confidentiality, availability, and integrity of its information systems
- Develop and implement security solutions and capabilities that are clearly aligned with business, technology, and threat drivers
- Develop security strategy plans and roadmaps based on sound enterprise architecture practices
- Develop and maintain security architecture models, templates, standards and procedures that can be used to leverage security capabilities in projects and operations
- Track developments and changes in the digital business and threat environments to ensure that they are adequately addressed in security strategy plans and architecture
- Participate in application and infrastructure projects to provide security-planning guidance
- Draft security procedures and standards to be reviewed and approved by executive management
- Determine baseline security configuration standards for operating systems (e.g., OS hardening), network segmentation, and identity and access management (IAM)
- Develop standards and practices for data encryption in the organization
- Conduct or facilitate threat modeling of services and applications that tie to the risk and data associated with the service or application
- Ensure a complete, accurate and valid inventory of all systems, infrastructure and applications that should be logged by the security information and event management (SIEM) or log management tool
- Establish a taxonomy of indicators of compromise (IOCs)
- Coordinate with DevOps teams to advocate secure coding practices, and to escalate concerns related to poor coding practices
- Document data flows of sensitive information in the organization and recommend controls to ensure that this data is adequately secured (e.g., encryption and tokenization)
- Validate IT infrastructure and other reference architectures for security best practices and recommend changes to enhance security and reduce risks, where applicable
- Validate security configurations and access to security infrastructure tools, including firewalls, IPSs, WAFs and anti-malware/endpoint protection systems
- Review network segmentation to ensure least privilege for network access
- Conduct security assessments of existing and prospective vendors, especially those with which the organization shares intellectual property (IP), as well as regulated or other protected data:
  - Software as a service (SaaS) providers
  - Cloud/infrastructure as a service (IaaS) providers
  - Managed service providers (MSPs)
- Evaluate the statements of work (SOWs) for these providers to ensure that adequate security protections are in place.
- Perform internal audits to review and evaluate the design and operational effectiveness of security-related controls
- Support the testing and validation of internal security controls
- Review security technologies, tools and services, and make recommendations for their use, based on security, financial and operational metrics
- Keep up to date on best practices and insights and bring them to the business
- Work on business continuity management (BCM) and validate security practices for BCM testing and operations when a failover occurs
- Advocate for security requirements and objectives while ensuring that security architectures and practices do not impede the needs of the business
- Serve as a technical sounding board for the Tech team’s interaction with other business units.
- Evaluate new services, vendors, applications and security tools, among other items, from a technical perspective, translate the risk characteristics of these activities and functions into enterprise risk terms, and communicate them to colleagues in the organization.
- Other duties as assigned.
Senior Cybersecurity Engineer Skills & Experience:
- Bachelor’s or master’s degree in computer science, information systems, cybersecurity, or a related field.
- Direct, hands-on experience or strong working knowledge of managing security infrastructure — e.g., firewalls, intrusion prevention systems (IPSs), web application firewalls (WAFs), endpoint protection, SIEM and log management technology
- Verifiable experience reviewing application code for security vulnerabilities
- Direct, hands-on experience or a strong working knowledge of vulnerability management tools
- Documented experience and a strong working knowledge of the methodologies to conduct threat-modeling exercises on new applications and services
- Full-stack knowledge of cloud-hosted infrastructure:
  - Operating systems
- Direct experience implementing IAM technologies and services:
  - Active Directory
  - Lightweight Directory Access Protocol (LDAP)
  - Amazon Web Services (AWS) IAM
- Strong working knowledge of IT service management (e.g., ITIL-related disciplines):
  - Change management
  - Configuration management
  - Asset management
  - Incident management
  - Problem management
- Experience designing the deployment of applications and infrastructure into public cloud services.
- Certified Information Systems Security Professional (CISSP)
- Experience working with at least one cybersecurity framework (NIST, COBIT, ISO, etc.)
Works effectively and cooperatively across the entire organization. Builds executive relationships with critical outside organizations (customers, suppliers, financers, industry experts). Creates a commitment to common goals. Values the contributions of all team members at all levels. Creates an environment where everyone participates and supports each other to drive alignment and enables the organization to accelerate and excel.
Creates an environment where the best ideas come to the forefront. Looks outside the organization for ways to improve. Has excellent judgment about which creative ideas and suggestions will work. Is able to view problems and opportunities from multiple angles. Presents fresh thinking and solutions that create a step change in value.
Knowledgeable about how to align the organization and outside parties to achieve strategic goals. Knows how to get things done through both formal and informal networks. Understands the origin and reasoning behind key policies, practices, and procedures. Understands how to bring together multiple cultures of different Ygrene teams and outside parties.
Sets stretch goals for personal and team accomplishment and works tenaciously to achieve those goals. Able to drive a sense of urgency, initiative, and accountability across the organization and with outside parties. Establishes strategic metrics to monitor progress and measure success. Maintains focus on the highest priorities by avoiding or overcoming roadblocks.
Proclivity to explore ways to provide leadership and mentorship in the execution of talent management initiatives and programs specific to talent acquisition, management, and development. Ensures teams are aligned and committed to broader department-level talent objectives; ensures management team actively supports and contributes to talent management initiatives; provides high visibility and support to high potential individuals. Promotes a learning and growth environment for all employees on the team.
Proven capability to communicate effectively through all methods of communication with all internal and external audiences. Known for using data and information to effectively influence the full range of stakeholders. Listens deeply to and continuously learns from all parties in a manner that generates value from every conversation.
Work Environment and Physical Demands:
- This position operates in a professional office environment and routinely uses standard office equipment such as computers, phones, photocopiers, scanners, and filing cabinets.
- Work environment is indoors with the majority of time spent sitting at a desk.
- Ability to stand, bend, stoop, sit, walk, twist and turn.
- Ability to lift up to 25 pounds occasionally.
- Ability to use a computer keyboard and calculator.