IT Security Engineer

IT Security Engineer

Who We Are

SiriusPoint is a global (re)insurer writing a worldwide portfolio of businesses including Accident & Health, Liability, Property, and Specialty.

Bermuda-headquartered and listed on the New York Stock Exchange (NYSE: SPNT), we are looking at ways to grow intelligently, underwrite profitably, and drive technology innovation in the insurance industry.

We challenge convention, disrupt the traditional way of doing things, and devise new and better solutions. We strive to be excellent in everything we do and to continuously build knowledge and learn beyond our current skillsets.

Join Our Team  

You will be our IT Security Engineer and will report to the Chief Information Security Officer.

The IT Security Engineer is accountable for contributing to and strengthening, the corporate Information Security program. The IT Security Engineer is responsible for the day-to-day operations of the in-place security solutions and the identification, investigation, and response to security events detected by those systems. IT Security Manager also participates in the vulnerability management program.

The IT Security Engineer presents a working knowledge and understanding of business security practices and procedures, including but not limited to, knowledge of currently available security tools, various communication protocols, incident response processes, vulnerability and patch management best practices, privileged access management, encryption techniques/tools, and 3rd party security risk assessments.

This role occasionally makes presentations, provides training, communicates with leadership and non-technical audiences about security topics, and collaborates with technical engineers on security solutions implementation. The IT Security Engineer is expected to be fully aware of the enterprise’s security goals as established by its stated policies, procedures, and guidelines and to actively work towards upholding those goals by collaborating with various IT and Non-IT functional groups to ensure effective service delivery of system security programs for internal clients. 

 Your responsibilities will include:

• Interfaces with SIEM providers and receives and interprets SIEM reports.
• Administers EDR Tools and proactively remediates threats
• Analyses security events to determine their root cause and advises on resolution.
• Analyses security vulnerabilities and assists in vulnerability management programs.
• Administers vulnerability management scanners and prepares applicable reports.
• Advises on Windows and non-Windows systems patching as required by vulnerability management program.
• Researches, and monitors for published current cybersecurity threats, vulnerabilities, and security advisories.
• Administers PAM (Privileged Access Management) tool to manage privileged access accounts.
• Administers DLP tools and advises on corporate DLP programs.
• Performs 3rd party risk assessments on our vendors and partners.
• Executes, and maintains incident response procedures.
• Maintains, supports, and coordinates corporate User Security Awareness Training programs
• Coordinates with internal and external auditors to assure HIPAA, SOX, NYDFS, and other regulatory compliance and proactively identifies audit and compliance-related issues to reduce the risk of security exposures and non-
• compliance. Plans and implements security improvements and solutions to assure the US and European regulatory compliance (DORA, HIPPA, NYCRR, GDPR, Cyber Essential, BMA).
• Prepares necessary audit documentation and timely files reports and appropriate evidence required.
• Creates and modifies Information Security related manuals, IT documentation, and infrastructure designs.
• Advises on security best practices for corporate solutions, application suites, and products.
• Researches current trends and technologies for future product ideas.

Be Yourself

We are building a differentiated culture and approach. We have shared values that drive our behavior and a culture that makes it a fun, exciting, and productive place to work and a great partner to do business with. You should be entrepreneurial, pioneering, open, and yourself.

Your skills and abilities should include:

• Strong IT skills and deep understanding of cyber security, and hacker methodology.
• Experience in malware/software analysis, vulnerabilities, and incident response.
• Experience with cybersecurity tools such as CrowdStrike, Darktrace, Rapid7, antivirus, and antimalware suites.
• Strong audit and compliance assessment skills, ability to effectively define gaps, evidence, and remediation requirements while achieving targeted delivery results. General knowledge of HIPAA applicable security/privacy controls, Sarbanes-Oxley, NIST cybersecurity framework.
• Strong organizational skills, ability to effectively manage multiple, competing projects/priorities while achieving targeted completion results.
• Effective written, and verbal communication skills. Ability to tailor communication style to the audience at hand.
• Ability to stay up to date with the current cybersecurity regulatory landscape to account for changing circumstances when evaluating security compliance, and maintain technical proficiency via self or formal training.
• Ability to operate independently and as a part of the team to ensure our software, hardware, and related components are protected from cyber-attacks.

SALARY: The estimated salary range for this position is $100-120K per year . This is a good-faith assessment of the salary range for this position only. In determining the actual salary within this range, SiriusPoint will consider a candidate’s relevant experience, location, and other job-related factors.

We Achieve More Together

We value and support the unique voices, backgrounds, lifestyles, and contributions of a diverse global employee base that contributes to our culture every day. Diversity, Equity, Inclusion, and Belonging (DEI&B) is imperative to our success. 

We are building an environment that embeds DEI&B into everything we do and enables us to unlock critical drivers of equality, innovation, and success. We want everyone to be included, valued, respected, and supported to unleash their full potential.