Cyber Security Engineer
Job Title: Cyber Security Engineer
Location: Stamford, CT
Term: Contract to Hire
- Lead security-related projects from inception to completion.
- Participate in technical projects requiring Cybersecurity oversight and ensure policies, procedures and standards are met.
- Recommend new solutions and make improvements to existing security controls that support and enable business innovation.
- Conduct internal verification and validation testing of technology infrastructure to identify security gaps and weaknesses.
- Develop and recommend necessary changes to the technology environment to ensure systems are compliant with regulatory requirements and privacy laws.
- Assist with security configuration standards for systems and business applications.
- Define and enforce Cybersecurity policies and procedures
- Identity and Access Management
- Privileged Account Management
- Running audit reports and maintaining policy compliance
- IaaS security oversight (AWS, GCP)
- Follow standard best security practices and recommend security enhancements to management
- Monitor security industry breach notifications and vulnerability alerts; identify emerging risks and escalate accordingly
- Administer, update and configure Infrastructure cybersecurity tools, such as BeyondTrust, Carbon Black, Duo, Okta, Cylance, Tenable.io, SumoLogic, FireEye, Varonis
- Monitor and respond to internal security alert notifications and escalations
- Develop and maintain up-to-date cybersecurity processes and procedures
- Manage an evolving vulnerability management program
- Vulnerability remediation
- Manage web application scans for all Enterprise Technology and Media Technology groups
- Evaluate and onboard new third-party security products and vendors
- Mature and document a cybersecurity incident response program
- Define and provide meaningful monthly metrics for executive visibility into cybersecurity KPIs
- Actively streamline and simplify workflows and processes. Leverage automation and orchestration for improved efficiency and efficacy where possible.
- Maintain an asset classification system to ensure that critical assets are identified and hardware inventory is maintained
- Work with Infrastructure and Workplace Technology to ensure all new devices are hardened to company standards and industry best practices
- 10+ years of technical experience in Information/Cyber Security or Network Engineering with at least 5+ years of experience in a security role.
- Bachelor's/Master's degree in Cyber Security plus industry security certifications. CISSP and CEH preferred.
- Direct experience with and administration of Privileged Account Management and IAM
- Knowledge of Kali Linux and penetration testing utilities
- Experience with Network and Systems Infrastructure
- Moderate knowledge and experience with Cloud technologies (Amazon, Google Cloud)
- Experience planning, researching and developing security standards and procedures
- Event analysis capability, leveraging log sources and packet captures
- Incident investigation and response skill set
- Knowledge of networking fundamentals (TCP/IP, network layers, Ethernet, ARP, etc.)
- Knowledge of malware operation and indicators
- Scripting experience a plus (Python, Bash, etc.)
- Moderate to Advanced Knowledge of penetration testing techniques
- Knowledge of Windows, Linux/Unix, IDS/IPS systems; Firewall and Proxy technology
- Moderate knowledge of audit requirements (SOX, GDPR, PCI, HIPAA)
- Strong organizational, communication, and interpersonal skills
- Good attention to detail and follow-up skills