Sr. System Security Engineer

Strategy Development:

• Mentor and guide junior engineers and security team members, providing technical guidance and promoting skill development.
• Lead cross-functional teams in complex security projects and initiatives, ensuring collaboration and timely completion.
• Contribute to the strategic development of the organization’s security architecture, helping to define long-term objectives and security initiatives.
• Play a key role in developing the organization's cybersecurity strategy, ensuring alignment with business objectives.
• Lead organization-wide risk assessments, identifying critical vulnerabilities and advising senior leadership on mitigation strategies.
• Provide oversight and direction in the development and implementation of advanced security controls to protect sensitive systems and data.
• Oversee the development, refinement, and enforcement of comprehensive security policies and procedures in compliance with regulatory standards such as ISO 27001, NIST, and CIS.
• Ensure that the organization meets or exceeds all compliance requirements, leading audits and certification processes as needed.
• Serve as the escalation point for complex security incidents, leading incident response teams in investigation, containment, and remediation of breaches.
• Develop and implement incident response playbooks and conduct post-incident reviews to continuously improve response strategies.

Monitoring and Searching

• Monitor and analyze security logs and events, and respond to security incidents in a timely manner.
• Monitor network traffic for suspicious activities and investigate security breaches or incidents, taking appropriate actions to prevent unauthorized access or data loss.
• Create and maintain accurate documentation of network security configurations and processes

Risk Assessment and Analyzing

• Develop and implement security measures, policies, and procedures to protect systems and networks against unauthorized access, data breaches, and other security incidents.
• Provide technical expertise and guidance to IT and network engineering teams to ensure that security controls are effectively implemented and maintained.
• Stay updated on the latest security threats, technologies, and industry trends, and provide recommendations for improving security posture.
• Participate in incident response activities, including investigation, containment, and recovery efforts, as needed.
• Research emerging security threats and vulnerabilities relevant to network infrastructure

Planning and Development

• Collaborate with cross-functional teams to ensure that security requirements are incorporated into system and network design, development, and implementation processes.
• Provide training and awareness programs to educate employees and users about security best practices and procedures.
• Evaluate and compare different security products and solutions to determine their suitability for the organization's needs

Experience: Minimum of 7-10 years of experience in system security engineering, network security, or related fields, with a demonstrated track record of leading security initiatives and managing complex projects.

Certifications: Advanced professional certifications such as CISSP, CISM, CCSP, OSCP, or equivalent. Experience in managing security programs and compliance with industry standards like NIST, ISO 27001, and PCI-DSS.

Education and Experience:  Bachelor’s degree in Computer Science, Information Security or related field.  Minimum of 3-5 years of experience in system security engineering, network security, or a related field.

• Professional certifications such as CISSP, CISM, or CEH are highly desirable.

• Knowledge of security standards and frameworks such as ISO 27001, NIST, and CIS.
• Strong knowledge of security principles, best practices, and industry standards, such as NIST, ISO 27001, CIS Critical Security Controls, and PCI-DSS.
• Hands-on experience with security technologies, such as firewalls, IDS/IPS, SIEM, antivirus, and vulnerability scanning tools.

Competencies:  

• Time management, troubleshooting, customer service/support, flexibility, proactive, curiosity, professionalism. 

Physical Demands:

The physical demands described here are representative of those that must be met by an associate to successfully perform the essential functions of the job.  Reasonable accommodations may be made to enable individual with disabilities to perform the essential functions. 

While performing the duties of this job, the associate is regularly required to talk or hear.  The associate frequently is required to sit; walk; use hands to finger, handle or feel; reach with hands and arms; climb or balance and stoop, kneel, crouch or crawl.  The associate is infrequently required to stand.  The associate may infrequently be asked to lift and/or move up to 25 pounds.  Specific vision abilities required by this job include close vision, distance vision, peripheral vision, and ability to adjust focus. 

Working Conditions:

The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Generally while performing the duties of this job, the employee is exposed to normal office working conditions that is climate controlled. The employee would not be exposed to extreme heat or cold or other workplace hazards. The noise level in the work environment is usually low. This person may also have to crawl under desks and work in areas with heat generating machines from time to time.

This job description is not intended to be an exhaustive list of skills, efforts, duties, responsibilities or working conditions associated with this position. The Senior System Security Engineer position assumes other responsibilities as assigned by the CISO or CIO.