Data Protection and Application Security, Cyber Security Specialist

The Data and Application Security Department within Cybersecurity is responsible for implementing and maintaining Security solutions within the Data Protection, Email Security, and Application Security spaces.  These solutions are an integral part of the Cybersecurity department and help improve the overall risk posture within the organization. As a member of the Data and Application security team, the Engineering Specialist will be responsible for aiding in the development, implementation, and operation of data protection and application security solutions and controls to address the current and emerging security and compliance needs of the business.

The Specialist will serve as a solution expert within the aforementioned security domains, under direction of the Engineering Manager and will lead the engineering efforts including building, configuring, testing, troubleshooting, integrating and administrating security technologies and best practices. The specialist will define the strategy for the implementation and maintenance of all solutions for the security of Data-In-Transit, Data-At-Rest, Data-In-Use, Cryptographic Services, Zero Trust, SSE, Browser Isolation, Email Security and Strategy & Governance. The role will also encompass the facilitation and creation/maintaining of metrics, engineering run books, SOPs, and as-built documentation. The Specialist, under direction of the Engineering Manager, will guide technology strategic decisions to reflect approved security architectures, business impact and exposures, emerging threats, vulnerabilities, regulatory requirements, and risks. The Specialist will work with fellow Engineers to ensure adequate Data Protection and security solutions are in place throughout the enterprise including CHS-owned facilities and data centers, 3rd party cloud IT systems and platforms, and will communicate the risks and solutions to business and IT partners.

The Engineering Specialist will also ensure that the day-to-day operations and tasks that are being performed by the engineering team members are delivered with a high degree of accuracy and timeliness by providing guidance and mentorship.
 

Essential Functions

• Defines the strategy for the build, configuration, implementation, and troubleshooting or administration of assigned technology per data protection and application protection engineering standard operating procedures; leads the execution of solution engineering processes.
• Defines the requirements  for the selection, deployment and implementation of security concepts and products including Secure Service Edge, CASB, Secure Web Gateway, Browser Isolation, Email Security, Data Loss Prevention, Application Security.
• Defines the development and implementation activities aligned to encryption key management technologies including, but not limited to, Public Key Infrastructure (PKI), Online Certificate Status Protocol (OCSP) infrastructure, Hardware Security Modules (HSM), and certificate management administration platforms.
• Establishes procedures to monitor the output of data protection technology platforms to ensure effective operation and respond to trouble tickets/events following standard operating procedure; collaborates with other engineers and specialists to provide independent Root Cause Analysis (RCA)
• Working through the Engineering Manager, collaborates with Architecture and Cybersecurity Leadership on the creation of product and capability roadmaps that mature the organization with respect to the different Cybersecurity sub-domains.
• Builds the strategy for the identification, development, and documentation of configuration/design improvements/optimization to support continuous engineering and systems performance improvement
• Supports and independently executes both scheduled engineering build/configuration events as well as Tier 1/2 incident(break/fix) events including 24x7 support
• Mentors engineers in the team in best practices, troubleshooting techniques, test procedures, process improvements.  Conducts peer reviews to ensure quality of implementations.
• Business and Soft Skill expectations:
  • Communicate and interact effectively and professionally with co-workers, management, customers and vendors.   
  • Maintain complete confidentiality of company business.

Qualifications

Duration:

• 8+ years of IT or information security, and
• 6+ years of security engineering experience

Activities:

• Designed and implemented Data Protection and/or Data Loss Prevention technologies across all vectors including email, endpoint, web, network and cloud 
• Participated in the design and implementation of SSE components including CASB, SWG, RBI and ZTNA
• Implemented Email Security while following best practices
• Implemented application security
• Led engineering initiatives for Data Protection technology, shaping strategies to tackle internal and external business and regulatory challenges related to the safeguarding of sensitive data.
• Worked in process-driven structured environments, and participated in process optimization activities.
• Created executive summaries, metrics, data analysis and recommendations and present these to leadership
• Proactive identification and solving of complex problems 
• Strong understanding of systems development lifecycle to provide technical leadership for multifunctional projects or initiatives. 
• Effective communication of technical concepts to a non-technical audience. 

Licenses and Certifications

• Industry certifications such as:
  Security+, GSEC, SSCP, CISM, CISSP, GIAC, OSCP, or ITIL Certifications preferred