Cyber Security Engineer

Job Description:

Under the direction of the Cyber Security Manager, the Cyber Security Engineer is responsible for maintaining an enterprise-wide information security program to ensure that information assets are adequately protected. This position is responsible for identifying, evaluating, and reporting on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the enterprise.

The CSE position requires sound knowledge of business management and a working knowledge of information security technologies. The CSE will proactively work with business units to implement practices that meet defined policies and standards for information security. The CSE will mentor Cyber Security staff.

The CSE serves a vital role in assurance activities related to the availability, integrity and confidentiality of cast member, business partner, employee, and business information in compliance with information security policies. The CSE must be highly knowledgeable about the business environment and ensure that information systems are maintained in a fully functional, secure mode.

Responsibilities

• Designs, implements, and manages comprehensive security solutions to protect our critical infrastructure.
• Supports communication with vendor by providing reports from Intrusion Prevention Systems (IPS), Web Filtering, Email Filtering, Data Loss Prevention, and other security and compliance products.
• Identifies and assess vulnerabilities in systems and networks through vulnerability scanning and penetration testing.
• Participate in security incident response activities and lead investigations as needed.
• Researches and investigates emerging risk topics, threats, vulnerabilities, capabilities, and solution options to create/update policy and governance, technology strategies, solution architecture, and assessments.
• Supports incident management/response across the enterprise and provides consistent security monitoring, response, follow-up investigation, and determination of root cause. Evaluate security alerts generated by internal systems, vendors, and other industry sources.
• Supports the user access review process and other monitoring aspects of identity and access management.
• Works with IT control owners in creating documentation, interpretation, and monitoring of IT general controls.
• Interacts with third-party managed security service providers as required to facilitate ongoing system testing and monitoring.
• Reviews active threat intelligence and other sources and suggest enhancements to security posture.
• Works with internal and external auditors during examinations providing support and assistance in addressing audit recommendations.
• Collaborate with other IT teams to integrate security considerations into all aspects of the development lifecycle.
• Document security processes and procedures for future reference and training purposes.

Years of Relevant Work Experience: 5 to 10 years

Certifications, Licenses, Registrations

Certified Information Systems Security Professional (CISSP) Preferred

Microsoft Azure Security AZ-500 Preferred

Other security and technology certifications are desired Preferred

Training, Technical Skills or Knowledge

Minimum of 2-5 years of experience in a cyber security engineer role (depending on the seniority of the position). Required

Degree in Information Security or a technology-related field, and/or equivalent work or education related experience Required

Strong understanding of, and experience with Microsoft cloud security solutions Required

Experience with vulnerability scanning and penetration testing methodologies. Required

Abilities and Behaviors below:

• Proven experience working within cross-functional project teams and providing business direction.
• Proven hands-on experience with system tools for monitoring trends related to security event management, vulnerability assessment, and intrusion detection to include Cloud offerings.
• Proven ability to cultivate strong working relationships and drive collaboration across multiple business and technical teams.
• Demonstrated strong analytical skills, business acumen and ability to present ideas to Senior Management in a concise and effective manner.
• Proven ability to coordinate across discrete business and functional areas and communicate effectively across the organization.
• Proven ability to handle multiple efforts and prioritize appropriately.
• Ability to leverage technology and tools to manage, plan and execute project plans.
• Experience in preparing written proposals and presentations for delivery to Senior Management.
• Proven PCI-DSS and compliance experience.
• Ability to take initiative and work on multiple projects at one time.
• Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences.
• Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic environment.
• Poise and ability to act calmly and competently in high-pressure, high-stress situations.
• Must be a critical thinker, with strong problem-solving skills.
• High level of personal integrity, as well as the ability to professionally handle confidential matters, and show an appropriate level of judgment and maturity.
• High degree of initiative, dependability, and ability to work with little supervision.
• Possesses a desire to mentor and collaborate both inside and outside the Cyber Security team.

The pay range for this role in California is $86,800 - $119,300 annually. Select benefits may be provided as part of the compensation package, such as medical, financial, and/or other benefits. To learn more about our benefits visit: