Senior Cyber Security Engineer

Job Description:

General Function / Summary:

The Senior Cyber Security Engineer is responsible for building digital security protocols, operating a cyber security system and maintaining security controls for the CNG organization.  

Essential Duties:

• Execute and track the performance of security measures to protect information and network infrastructure and computer systems.
• Maintain and execute a comprehensive technology roadmap.
• Identify, define and document system security requirements and recommend solutions to management.
• Configure, troubleshoot and maintain security infrastructure software and hardware.
• Manage security incidents and events to protect corporate IT assets, including intellectual property, regulated data, and the company's reputation.
• Manage third party IT Security vendor relationships.
• Monitor systems for irregular behavior and configure preventive measures. 
• Educate and train associates on information security best practices.
• Monitor the external threat environment for emerging threats and advise relevant stakeholders on the appropriate courses of action.
• Recommend and coordinate the implementation of technical controls to support and enforce defined security policies.
• Analyze information security hardware and software to ensure maximum performance and provide technical and managerial expertise for the administration of security tools.
• Lead security projects to ensure project milestones are met on time and within budget.
• Produce KPI’s for security controls managed by the IT Cyber Security team.
• Other assigned projects.

Minimum Education and Experience Required:

• Bachelor’s degree in computer science, MIS, or equivalent experience
• 4+ years of experience in IT security operational roles
• Proven experience developing, operating and maintaining security systems
• Experience creating and updating system runbooks and writing documentation
• Experience working in a fast-paced environment and pay extreme attention to detail.
• Extensive knowledge of operating system and database security
• Proficiency in troubleshooting networking and security technologies and network monitoring solutions
• Proficient at using enterprise SIEM solutions such as Splunk ES. Must have knowledge to create reports and custom dashboards
• Knowledge of security systems including anti-virus applications, content filtering, Palo Alto firewalls, authentication systems, intrusion detection, Data Loss Prevention and SIEM
• In-depth knowledge of security protocols and principles
• In-depth knowledge of security controls such as CIS and frameworks such as SOC 2, ISO 20001, ISO 27002 & NIST
• Experience in securing and managing cloud computing such as but not limited to Azure and AWS
• Ability to handle multiple projects and tasks simultaneously and collaborate with all areas of the organization
• Ability to effectively review, identify gaps and provide solid technical plans to remediate any identified risks
• Ability to build roadmaps and present to all levels of the organization
• In Depth experience with deploying and managing DLP Systems such as building and deploying policies and provide solid risk reduction metrics.
• Experience with certificate and key management using tools like Venafi, Hashi Corp.
• Experience with data encryption protocols, data labeling, masking and other key encryption practices.
• Experience managing email security solutions including leading a security awareness program
• Experience with cloud environments such as monitoring and deploying security controls in Azure and AWS
• Excellent written and verbal communication skills
• Proficient in Microsoft 0365 Office programs
• Ability and willingness to consistently live and embrace our core values of accountable, inclusive, transparent, and focused