Lead Engineer Security

Our vision for the future is based on the idea that transforming financial lives starts by giving our people the freedom to transform their own. We have a flexible work environment, and fluid career paths. We not only encourage but celebrate internal mobility. We also recognize the importance of purpose, well-being, and work-life balance. Within Empower and our communities, we work hard to create a welcoming and inclusive environment, and our associates dedicate thousands of hours to volunteering for causes that matter most to them.

Chart your own path and grow your career while helping more customers achieve financial freedom. Empower Yourself.

The Lead Security Engineer serves as a lead technical expert and mentor within the security engineering team. This role will drive the implementation of advanced security controls, guide technical decisions, and provide subject matter expertise in infrastructure hardening, identity management, and compliance efforts. The Lead Security Engineer excels in hands-on engineering while also supporting and mentoring peers to elevate security capabilities across the organization.

ESSENTIAL FUNCTIONS:

• Lead and conduct security operations necessary to maintain the confidentiality, availability, and integrity of enterprise data and information systems.
• Ensure excellent customer service for internal and external customers in support of security initiatives, incident response, and support
• Lead and determine best practice cadence of maintenance of security tools and technologies throughout the enterprise environment such as Palo Alto Firewall features (e.g., App-ID, User-ID, threat prevention, and content filtering) and others.
• Manage and provide direction on troubleshooting Prisma Access for secure remote connectivity.
• Lead team and serve as the subject matter expert in supporting and troubleshooting network security in AWS and Azure environments.
• Design, evaluate and implement security related solutions, ensuring team adherence to established change control processes
• Serve as expert and provide technical security planning, implementation, configuration, support and troubleshooting services on all security technologies ensuring team is well versed in doing the same.
• Define template and lead team to provide accurate, clear, and concise documentation of system requirements, specifications, and final builds.
• Ensure knowledge is shared with team to perform all necessary functions associated with the implementation and integration of security tools and platforms into the enterprise environment.
• Manager partnership with systems and network engineers to ensure servers and network devices conform to security standards, and that security devices and controls are working as designed
• Draft and make recommendations on the development, implementation, and administration of information security policies, standards and procedures, ensuring adherence to industry best practices
• Lead in aiding with ensuring the corporate IT environment is secure and complies with all internal and external audit requirements
• Take the lead in identifying potential security risks, and define and document remediation options or mitigating controls, sharing information with team to set example for this work
• Validate security control coverage against identified IOCs based on emerging cyber threat intelligence
• Collaborate with the offensive security team to analyze and evaluate the effectiveness of existing security controls against identified TTPs, making recommendations for enhancements or improvements
• Assist in the management of an Incident Response Team that addresses potential or in-progress security events, establishing and adhering to escalation procedures and response times
• Ensure certifications are maintained and keep up-to-date with current information technology tools and best practices
• Participate in 24x7 on-call rotation
• Perform related duties as requested

QUALIFICATIONS:

• Bachelor s degree in Information Technology, Computer Science, or related field and 8-10 years’ experience in information technology or related field within the last 10 years 
• Preference will be given to those with degrees in Computer Science, Information Technology, Mathematics, Engineering (various disciplines), and other technology-focused areas.
• Must have Palo Alto certification, CCIE Routing and Switching or Security and AWS Solutions Arch certifications
• 7+ years of experience with managing security controls, to include defining policies and administering devices such as  Palo Alto networks firewalls, Palo Alto networks Prisma, IDS/IPS platforms, and e-mail/web filtering solutions
• 4+ years experience in AWS and Azure cloud operations
• 6 + years of technical experience working with security solutions and conducting security operations
• 6+ years of network security experience and reviewing security tools and solutions and making recommendations on utilization and strategy
• 4+ years web application firewalls
• 7 + years of experience with network protocols, data flows and attacks within an IP environment
• 5+ years of experience in building configurations for security devices and building an automated process to support large-scale deployment
• Extensive knowledge and experience with security software, firewalls, intrusion detection systems and other security systems and network monitoring.
• Extensive hands-on technical knowledge of network systems, protocols, and standards such as Ethernet, LAN, WAN and TCP/IP.
• 6+ years of experience with commercial and open-source security applications and technologies (e.g. malware prevention, DLP, IDS/IDP, and cryptography), as well as related protocols and tools (e.g. SSH, SSL/TLS, snort, port scanners, rootkit detectors, etc.)
• 2+ Implement security measures for Kubernetes clusters and containerized applications.
• 5+ years of experience performing network security administration
• 3+ years programming/scripting experience –Python, shell

Normal Office Working Conditions: this job operates in a professional office environment and routinely uses standard office equipment.

This job description is not intended to be an exhaustive list of all duties, responsibilities and qualifications of the job.  The employer has the right to revise this job description at any time.   You will be evaluated in part based on your performance of the responsibilities and/or tasks listed in this job description.   You may be required to perform other duties that are not included on this job description.  The job description is not a contract for employment, and either you or the employer may terminate employment at any time, for any reason.

We are an equal opportunity employer with a commitment to diversity.  All individuals, regardless of personal characteristics, are encouraged to apply.  All qualified applicants will receive consideration for employment without regard to age, race, color, national origin, ancestry, sex, sexual orientation, gender, gender identity, gender expression, marital status, pregnancy, religion, physical or mental disability, military or veteran status, genetic information, or any other status protected by applicable state or local law.