Security Engineer I

Make a difference. Be happy. Grow your career.

THE ROLE

The Security Engineer is responsible for providing daily operational information security support to the Nordic Global client’s enterprise. Support cybersecurity initiatives throughout the enterprise. Act as a resource for Nordic Global client’s local system markets, facilities, departments and units on technical cybersecurity matters. This position will work closely with cybersecurity teammates, the Infrastructure Services staff, and Internal Audit department to accomplish their tasks.

Conduct and document investigations of suspect or potential security breaches, policy and standards violations and compromises throughout the Nordic Global client’s enterprise, including audits of complex computer applications and technological solutions. The complexity and size of investigation and audit assignments may vary significantly.

Recognize security risks and make appropriate recommendations to suitable Nordic Global client’s governance body for addressing them. Identify the types and quantity of information/evidence needed to complete assigned tasks, how to efficiently obtain such information, analyze it within the context of the cybersecurity objectives, and formulate appropriate subsequent actions and recommendations. Consistently document relevant facts and information to support testing and conclusions so others can follow the logic and methodology. Analyze and recommend secure technical solutions for network/system connections to individuals, contractors, vendors and business partners.

KEY RESPONSIBILITIES

• Operate, maintain, and troubleshoot cybersecurity technologies.
• Recognize cybersecurity risks and make appropriate recommendations for addressing them.
• Analyze and recommend secure technical solutions for network/system connections to individuals, contractors, vendors, and business partners.
• Implement, support, and evaluate cybersecurity-focused tools and services.
• Administer and analyze data from network security devices and services to prevent security threats and reduce risk.
• Provide periodic security reporting.
• Work closely with IT teams and third-party vendors to identify and provide secure IT solutions.
• Assist in developing and implementing security policies and procedures involving network security architecture, network access and monitoring.
• Adhere to all policies defined by management related to change control, security, and separation of duties.
• Perform system implementations and significant changes to existing systems to ensure that compliance requirements and critical risks are adequately addressed.
• Remain current with cybersecurity trends and threats. Identify those that pose risk to systems, develop, and implement appropriate responses.
• Develop change management requests related to security technologies.
• Other duties as assigned.

SKILLS AND EXPERIENCE

• Generally, requires a Bachelor's degree and 3 years of related experience or 6 years of related experience and no degree.
• 3 years of combined relevant work experience in cybersecurity, information technology and/or information security operations.
• Experience with cybersecurity toolsets such as: CyberArk, Securelink, Crowdstrike, Nessus, Palo Alto, Varonis, and Windows Defender suite.
• Skill in applying and incorporating information technologies into proposed solutions.
• Skill in designing the integration of hardware and software solutions.
• Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
• Skill to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
• Basic/fundamental knowledge of computer networking concepts and protocols, and network security methodologies.
• Basic/fundamental knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
• Basic/fundamental knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
• Basic/fundamental knowledge of cybersecurity and privacy principles.
• Basic/fundamental knowledge of cyber threats and vulnerabilities.
• Basic/fundamental knowledge of specific operational impacts of cybersecurity lapses.
• Basic/fundamental knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
• Basic/fundamental knowledge of security system design tools, methods, and techniques.
• Basic/fundamental knowledge of critical infrastructure systems with information communication technology that were designed without system security considerations.
• Basic/fundamental knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
• Basic/fundamental knowledge of network systems management principles, models, methods (e.g., end-to end systems performance monitoring), and tools.
• Basic/fundamental knowledge of cybersecurity-enabled software products. Basic/fundamental knowledge of multi-level security systems and cross domain solutions.
• Basic/fundamental knowledge of program protection planning (e.g., information technology (IT) supply chain security/risk management policies, anti-tampering techniques, and requirements).
• Basic/fundamental knowledge of configuration management techniques.
• Basic/fundamental knowledge of the enterprise information technology (IT) architectural concepts and patterns (e.g., baseline, validated design, and target architectures.)
• Basic/fundamental knowledge of integrating an organization’s goals and objectives into the architecture.
• Basic/fundamental knowledge in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
• Basic/fundamental knowledge of network security (e.g., encryption, firewalls, authentication, honey pots, perimeter protection).
• Basic/fundamental knowledge of physical and logical network devices and infrastructure to include hubs, switches, routers, firewalls, etc.
• Functional understanding of Microsoft Azure AD/Entra, Intune, and 365 operation with specific regard to cybersecurity considerations.
• Basic/fundamental understanding of KQL and experience writing queries.

CERTIFICATIONS

• CompTIA Security+, CompTIA Network+, Vmware, CyberArk, CISSP, CEH, SANS GPEN, GCIH (preferred)

Nordic is an equal opportunity employer. We are committed to creating an inclusive environment for all employees and applicants. We do not discriminate on the basis of race, color, religion, sex, national origin, age, disability, genetic information, marital or veteran status, or any other protected status under applicable federal, state, or local laws. We encourage individuals of all backgrounds to apply, including women, minorities, individuals with disabilities, and veterans.