Press ENTER to skip to the job description.
Cyber Security Engineer

Cyber Security Engineer
CT, Stamford

Job Description

Title: CyberSecurity Engineer

Location: Stamford, CT

Type: Contract 

Company: Entertainment/ Media


MUST HAVES:

    Profile

    Quality Security Generalist (must be able to execute hands-on, not just strategic)

    Important expertise:

    • Not confined to one security area
    • Networking security (firewalls)
    • IAM (currently have pieces of IAM, but company wants to improve this program)
    • Kali Linux – This is common tool for penetration testing ( has internal pen testing that they want to mature. They implemented this to avoid waiting for external pen testers to tell them where they are vulnerable)

    Preferred

    • Cloud – minimally understands AWS security & architecture principles

    Environment/Projects

    • Maturing vulnerability management program – need solid process for vulnerabilities remediated and audited against
    • Cloud environment keeps growing – building out AWS so security needs to have proper views/controls to give appropriate guidance
    •  Lots of security operational maturity
    • This role will work with a 3rd party SOC that makes sure comapny's tech stack is covered – they manage logs/events management process and respond to incidents/events/alerts

Cybersecurity Engineer 

The Cybersecurity Engineer plays a critical role in safeguarding our Enterprise Technology assets. This role will report to the VP of Cybersecurity & Network and be responsible to plan and carry out security measures to monitor and protect sensitive data and systems from infiltration, exfiltration, and cyber-attacks. The successful candidate is versatile, takes initiative, can manage multiple priorities at the same time, weigh risks and articulate security concerns and controls to technical and non-technical audiences. He/she must have a “security first” mindset, keep up to date on newly emerging threats and industry best practices around cyber security.


Key Responsibilities:

  • Lead security-related projects from inception to completion.
  • Participate in technical projects requiring Cybersecurity oversight and ensure policies, procedures and standards are met.
  • Recommend new solutions and make improvements to existing security controls that support and enable business innovation.
  • Conduct internal verification and validation testing of technology infrastructure to identify security gaps and weaknesses.
  • Develop and recommend necessary changes to the technology environment to ensure systems are compliant with regulatory requirements and privacy laws.
  • Assist with security configuration standards for systems and business applications.
  • Define and enforce Cybersecurity policies and procedures
  • Identity and Access Management
  • Privileged Account Management
  • Running audit reports and maintaining policy compliance
  • IaaS security oversight (AWS, GCP)
  • Follow standard best security practices and recommend security enhancements to management
  • Monitor security industry breach notifications and vulnerability alerts; Identify emerging risks to company and and escalate accordingly
  • Administer, update and configure Infrastructure cybersecurity tools, such as BeyondTrust, Carbon Black, Duo, Okta, Cylance, Tenable.io, SumoLogic, FireEye, Varonis
  • Monitor and respond to internal security alert notifications and escalations
  • Develop and maintain up-to-date cybersecurity processes and procedures
  • Manage an evolving vulnerability management program
  • Vulnerability remediation
  • Manage web application scans for all company Enterprise Technology and Media Technology groups
  • Evaluate and onboard third-party new security products and vendors
  • Mature and document a cybersecurity incident response program
  • Define and provide meaningful monthly metrics for executive visibility into cybersecurity KPI’s
  • Actively streamline and simplify workflows and processes. Leverage automation and orchestration for improved efficiency and efficacy where possible.
  • Maintain an asset classification system to ensure that critical assets are identified and hardware inventory is maintained
  • Work with Infrastructure and Workplace Technology to ensure all new devices are hardened to company standards and industry best practices

 

Qualifications:

  • 10+ years of technical experience in Information/Cyber Security or Network Engineering with at least 5+ years of experience in a security role.
  • Bachelor/Masters degree in Cyber Security plus industrustry security certifications. CISSP and CEH preferred.
  • Direct experience and administration Privileged Account Management and IAM
  • Knowledge of Kali Linux and penetration testing utilities
  • Experience with Network and Systems Infrastructure
  • Moderate knowledge and experience with Cloud technologies (Amazon, Google Cloud)
  • Experience planning, researching and developing security standards and procedures
  • Event analysis capability, leveraging log sources and packet captures
  • Incident investigation and response skill set
  • Knowledge of networking fundamentals (TCP/IP, network layers, Ethernet, ARP, etc.)
  • Knowledge of malware operation and indicators
  • Scripting experience a plus (Python, Bash, etc.)
  • Moderate to Advanced Knowledge of penetration testing techniques
  • Knowledge or WIndows, Linux/Unix, IDS/IPS systems; Firewall and Proxy technology
  • Moderate knowledge of audit requirements (SOX, GDPR, PCI, HIPAA)
  • Strong organizational, communication, and interpersonal skills
  • Good attention to detail and follow-up skills
  • Experience in the Media and Entertainment industry a plus


  • EMAIL: Farhana.Shaik@harveynashusa.com

Apply Now