Senior Security Engineer

Department:

We are Walker & Dunlop.  We are one of the largest providers of capital to the commercial real estate industry, enabling real estate owners and operators to bring their visions of communities — where people live, work, shop, and play — to life. We are committed to creating meaningful social, environmental, and economic change in our communities.

Department Overview

WDTech is W&D’s in-house technology team – a diverse group of energetic and highly skilled technology professionals, all of whom are leading experts in real estate data, data science, and technology.

WDTech Information Security protects W&D's information assets by way of a comprehensive policy framework that oversees and operates cybersecurity countermeasures and technology risk controls.

The Impact You Will Have

Security Engineering is a core connector and critical function of our Information Security team. In this role, you’ll coordinate with business units across the company to optimize the breadth and reach of our tooling. You’re focused on continuing to advance and mature a layered information security program to defend the company against cyberthreats. This team is focused on quality and uses its position and charter to drive quality across our systems, applications, and networks.

You will evaluate, implement, tune, and maintain security controls around the corporate environments we use, such as PaaS solutions, office and remote networks, and workstations. You will investigate insider threats and behavior anomalies, work with technical operations to harden and automate security configurations of our networks and workstation provisioning processes, and work with other teams on secure public cloud adoption. 

The qualified candidate will have experience across a wide breadth of security tools and technologies, including: EDR, data loss protection, attack surface management, secure web gateways, cloud posture, privileged access, secure software development and more. You have experience making recommendations to management on where to invest and where to contract to ensure the right mix of tooling to support the company. You are comfortable working with leadership across business units and talking in technical and non-technical terms. You are passionate about making things better and know that the work is never done.  You are passionate about security and believe that work can be fun, even when it’s challenging.

Primary Responsibilities

• Building strong partnerships and collaborate with stakeholders across multiple business areas to ensure a robust, secure service posture from design to implementation in multiple products and services.

• Serving as a security subject matter expert (SME) resource across multiple security domains and as a valued and knowledgeable stakeholder across the organization.

• Evaluating and right-sizing current tooling; making recommendations to expand or contract as necessary.

• Assuming responsibility for implementing security tools, ensuring that they are configured correctly, working as intended, and providing value.

• Working across technology and engineering teams to integrate security tools and technology across the company.

• Educating, advising and influencing decision-makers in all areas of cybersecurity.

• Participating in events and incidents monitoring and investigations.

• Building a reliable and complete inventory of digital assets; ensuring that automated processes are in place to keep the inventory up-to-date and usable across the company.

• Working closely with the VP of Information Risk and Cyber Assessments to report risks to leadership in a complete and timely manner.

• Perform other duties as assigned.

• Attendance is generally 8:30 am – 5:30 pm EST Monday through Friday with the ability to work up to 2 of those days remotely.

Education and Experience

• Minimum of five (5) years of experience in cybersecurity administration and operations.

• Minimum of two (2) years of experience working in a security engineering or architect capacity.

• Bachelor’s degree from an accredited college or university preferred.

• 2+ years of security architecture experience preferred.

Knowledge, Skills and Abilities

• Hands-on experience with various security tools including the ability to manage, configure, and operate some of the following preferred tools (or equivalent) include: Netskope SWG, Netskope DLP, Box Shield, Microsoft Endpoint Manager, Microsoft M365 Defender, Microsoft Defender of Endpoint, Cisco IronPort, Microsoft Authenticator MFA, EntraID, etc.

• Conduct research to keep abreast of current security issues and best practices.

• In-depth understanding of network and operating systems.

• In-depth understanding of enterprise IT systems and concepts.

• General understanding of cloud computing concepts and microservices.

• General understanding of CI-CD delivery pipelines.

• A team player with a positive attitude that uplifts those around them.

• Strong written and verbal communications skills including the ability to manage and influence multiple stakeholders across functions.

• Excellent organizational, analytics, critical thinking, and interpersonal skills.

• Commitment to quality. Detail-oriented while consistently looking at the big picture.

• Effective decision making and critical thinking skills for problem identification and solution recommendations.

• Passionate in providing excellent customer service Experience with Python, PowerShell, or JSON.

• Experience as an administrator, site reliability engineer or engineer in a non-security role.

• Experience automating security operations activities in a mid-size / large environment.

• Experience working under pressure in time critical situations.

• Experience with API security, OAUTH, key management, key vaults. 

• Experience with Azure Compliance Manager, Azure Security Center.

• Experience with AWS Config, AWS Security Hub. 

• Experience with DevSecOps static, dynamic and software composition controls and tools, pipeline quality gates.

• Experience with penetration testing.

• Familiarity with common security control frameworks such as the NIST CSF, ISO 7200x, CIS Critical Security Controls.

• Familiarity with relevant security frameworks including, OWASP, Mitre Att&ck.

• Industry certification such as CISSP, CCSP, Microsoft Azure Security Engineer (AZ-500), GCP Professional Cloud Security Engineer.

• Demonstrated proficiency communicating information security concepts to technical and non-technical audiences.

• Experience working in a regulated industry.

• Ability to show ownership of your work, take on challenges and acknowledge growth opportunities, and demonstrate patience when learning new processes.

• Courtesy, respect, and thoughtfulness in teaming with colleagues and other stakeholders.

This position has an estimated base salary of $115,000 - $130,000 plus a discretionary bonus. An employment offer is based on the applicant’s relevant work experience, applicable knowledge, skills, abilities, internal equity, and alignment with market data. 

#LI-AA1

#LI-Hybrid

What We Offer  

• The opportunity to join one of Fortune Magazine’s Great Places to Work winners from 2015-2023 

• Comprehensive benefit options* that have earned Walker & Dunlop the silver level of the 2022 Cigna Healthy Workforce Designation™, some of which include:
    - Up to 83% subsidized medical payroll deductions
    - Competitive dental and vision benefits
    - 401(k) + match
    - Pre-tax transit and commuting benefits
    - A robust health and wellness program – earn cash rewards and gain access to resources that
      promote health, engagement, and balance
    - Paid maternity and parental leave, as well as other family paid leave programs
    - Company-paid life, short and long-term disability insurance
    - Health Savings Account and Healthcare and Dependent Care Flexible Spending 

• Career development opportunities 

• Empowerment and encouragement to give back – volunteer hours and donation matching 

 
*Eligibility may vary based on average number of hours worked 

EEO Statement

We are committed to equity in all steps of the recruitment and employment experience. We believe in equal access to opportunities in our workplace.  We do not tolerate discrimination, including harassment, based on any characteristic protected by applicable law, such as race, color, national origin, religion, gender identity, sexual orientation, sex, age, disability, veteran or military status, and genetic information.  We strive to be a safe place to ask questions, build professional relationships, and develop careers.

SPAM
Please be wary of recruitment scams. An indication of a scam might be a request for sensitive or bank information at the time of application or emails coming from a non walkerdunlop.com email address. Please call us at 301.215.5500, if you have any concerns about information requested during or after the application process.

Fair Chance Hiring

Background checks, including any questions related to infractions, arrests, or conviction records, will not be conducted until after a conditional offer of employment has been accepted. We will consider for employment qualified applicants regardless of arrest and conviction records, in accordance with federal, state, and local laws.