Cybersecurity Engineer

Overall, Job Purpose
The Cybersecurity Engineer plays an integral role in defining and assessing the organization's security strategy, operations, and practices. The Cybersecurity Engineer will assume responsibilities for multiple security functions. The Cybersecurity Engineer will be required to effectively translate business objectives and risk management strategies into specific security processes enabled by security technologies and services. The Cybersecurity Engineer will be required to develop, execute, and track the performance of security measures to protect information, network infrastructure, and computer systems. The Cybersecurity Engineer will lead and mentor staff and ensure they are following Cybersecurity best practices and industry standards.

Core Responsibilities
• Deploy and manage security infrastructure such as but not limited to firewalls, CASB, IPSs, WAFs, endpoint protection (DLP & EDR), MFA, SIEM, and vulnerability management tools on premise and cloud.
• Support and implement baseline security configuration standards for IT/ICS/OT/IoT, cloud, operating systems, networking, encryption, data security, data classification, and identity and access management (IAM) assuring architectures meet security best practices that reduce risk and enhance security.
• Participate in security assessments of internal systems, applications, and IT infrastructure, managing these systems in a security information and event management system as part of the overall risk management practice of the organization.
• Provide timely reporting of security related systems and events to various levels of management on a regular basis
• Work with internal teams (Compliance, Legal, HR, etc.) to understand their security requirements and incorporate into the overall Strategy and execution plans.
• Maintain, manage, and monitor cybersecurity training program.

Relevant Experience:
• A minimum of 7 years or more experience in a security related field with direct responsibility to manage security one or more of the following:
• Direct, hands-on experience deploying & managing security infrastructure such as firewalls, IPSs, WAFs, endpoint protection (DLP & EDR), SIEM, and vulnerability management tools on premise and cloud
• Documented experience and a strong working knowledge of the methodologies required to conduct threat-modeling exercises on new technologies and services
• Working knowledge of cybersecurity training and operations
• Working knowledge of OT cybersecurity
• Knowledge the secure deployment of workloads into public cloud services (e.g., AWS or Microsoft Azure)

Industry and Regulatory Experience (One of more of the following):
• Sarbanes-Oxley Act, and Japanese the variant
• General Data Protection Regulation (GDPR)
• Privacy Principles (best practices)
• International Organization for Standardization (ISO) 27001/2
• National Institute of Standards and Technology (NIST)
• Cybersecurity Framework (CSF)
• IT Service Management (ITIL)

Educational Qualification:
Bachelor’s degree in computer science, Information Systems, Cyber Security, OR seven plus years’ experience in the role.

Certification(s):
One or more of the following certifications are preferred:
ISC2's CISSP
ISACA's CISM
ISACA's CISA
The Open Group's TOGAF
SANS' GAIC
IAPP's CIPT