Senior Information Security Engineer

Description:

The Senior Information Security Engineer leads the design, implementation, and continuous refinement of the organization's cybersecurity capabilities. This advanced role requires a deep technical expertise in security technologies and a strategic approach to protecting the organization's information assets. The Senior Engineer is pivotal in conducting complex security assessments, identifying vulnerabilities, and developing robust solutions to enhance the security posture of the organization.

With a strong focus on technical leadership, this individual collaborates closely with the IT department and cybersecurity team to develop secure systems, networks, and applications. Additionally, the Senior Information Security Engineer works hand-in-hand with the IT Governance, Risk Management, and Compliance (GRC) teams to ensure cybersecurity strategies align with organizational policies and regulatory requirements. This involves a strategic partnership to assess risks, manage cybersecurity compliance across systems, and integrate security best practices into GRC frameworks.

The Senior Information Security Engineer is also responsible for researching and integrating new security technologies and best practices into the existing infrastructure to address evolving threats. This role involves critical thinking, problem-solving, and a proactive attitude towards cybersecurity challenges.

Reporting directly to the Senior Manager of Cyber Security Operations, the Senior Information Security Engineer significantly contributes to the strategic planning and execution of cybersecurity initiatives. This position plays a crucial role in mentoring and providing technical guidance to other security engineers, ensuring a high level of technical expertise and operational excellence across the team.

How You Make An Impact (Job Accountabilities)

Work alongside project leads and IT teams to facilitate a smooth integration of new solutions into the organization's cyber security framework. Provide support during the implementation phase of cyber security tools, ensuring that deployment tasks are completed timely.
Actively mentor Information Security Engineering team members, sharing insights on best practices and the latest trends in cyber security tool deployment and management. Foster a culture of continuous improvement and innovation within the cyber security team, encouraging the adoption of emerging technologies and methodologies to enhance the organization’s cyber security posture.
Lead the initial configuration of newly implemented tools, applying in-depth knowledge of security standards and operational procedures to create a robust foundation for tool effectiveness. Collaborate with cyber security and IT teams to adjust settings and configurations based on operational feedback and evolving security threats, enhancing the organization's cyber security posture.
Provide strategic oversight for the monitoring and management of cyber security tools and systems, ensuring they operate at peak efficiency and are fully aligned with the organization’s cyber security strategies.
Act as an escalation point for operational issues in cyber security tools and systems, providing specialized knowledge to resolve more complex problems. Leverage external support resources and serve as the primary point of contact for troubleshooting issues.
Participate in the assessment of new cyber security tools, focusing on evaluating their potential operational impact and alignment with the organization’s security needs. Aid in the selection process by contributing insights on tool effectiveness and compatibility with existing systems.

What You Bring to the Role (Job Qualifications / Education / Skills / Requirements / Capabilities)

Education 

Bachelor's degree in information systems, engineering, management, or related field, or equivalent work experience. 

Work Experience

5+ years of experience in information technology or information security
Industry certifications such as CISSP, CISM, CCSP, GIAC (GSEC, GCED, GCIA, etc.
Vendor-specific certifications (Netskope, Palo Alto, Zscaler, Microsoft purview, Code42 etc.)

Competencies Desired

Knowledge of information security principles, including risk assessment and management, threat and vulnerability management, incident response, and identity and access management.
Technical proficiency with security-related systems and applications.
Experience in developing, documenting and maintaining security procedures.
Strong knowledge of TCP/IP and network administration/protocols, zero trust principles.
Hands-on experience with AWS/Azure/GCP security controls
Proficient knowledge in scripting (Like Python, PowerShell)
Experience performing security reviews for new systems
Strong analytical and problem-solving skills to enable effective security incident and problem resolution.
Excellent documentation skills.
Proven ability to work under stress in emergencies, with the flexibility to handle multiple high-pressure situations simultaneously.
Ability to work well under minimal supervision.
Strong team-oriented interpersonal skills, with the ability to interface effectively with a broad range of people and roles, including vendors and IT-business personnel.
Strong written and verbal communication skills.
Strong customer/client focus, with the ability to manage expectations appropriately, provide a superior customer/client experience and build long-term relationships.