Cyber Security Engineer
Title: CyberSecurity Engineer
Location: Stamford, CT
Company: Entertainment/ Media
- Not confined to one security area
- Networking security (firewalls)
- IAM (currently have pieces of IAM, but company wants to improve this program)
- Kali Linux – This is common tool for penetration testing ( has internal pen testing that they want to mature. They implemented this to avoid waiting for external pen testers to tell them where they are vulnerable)
- Cloud – minimally understands AWS security & architecture principles
- Maturing vulnerability management program – need solid process for vulnerabilities remediated and audited against
- Cloud environment keeps growing – building out AWS so security needs to have proper views/controls to give appropriate guidance
- Lots of security operational maturity
- This role will work with a 3rd party SOC that makes sure comapny's tech stack is covered – they manage logs/events management process and respond to incidents/events/alerts
Quality Security Generalist (must be able to execute hands-on, not just strategic)
The Cybersecurity Engineer plays a critical role in safeguarding our Enterprise Technology assets. This role will report to the VP of Cybersecurity & Network and be responsible to plan and carry out security measures to monitor and protect sensitive data and systems from infiltration, exfiltration, and cyber-attacks. The successful candidate is versatile, takes initiative, can manage multiple priorities at the same time, weigh risks and articulate security concerns and controls to technical and non-technical audiences. He/she must have a “security first” mindset, keep up to date on newly emerging threats and industry best practices around cyber security.
- Lead security-related projects from inception to completion.
- Participate in technical projects requiring Cybersecurity oversight and ensure policies, procedures and standards are met.
- Recommend new solutions and make improvements to existing security controls that support and enable business innovation.
- Conduct internal verification and validation testing of technology infrastructure to identify security gaps and weaknesses.
- Develop and recommend necessary changes to the technology environment to ensure systems are compliant with regulatory requirements and privacy laws.
- Assist with security configuration standards for systems and business applications.
- Define and enforce Cybersecurity policies and procedures
- Identity and Access Management
- Privileged Account Management
- Running audit reports and maintaining policy compliance
- IaaS security oversight (AWS, GCP)
- Follow standard best security practices and recommend security enhancements to management
- Monitor security industry breach notifications and vulnerability alerts; Identify emerging risks to company and and escalate accordingly
- Administer, update and configure Infrastructure cybersecurity tools, such as BeyondTrust, Carbon Black, Duo, Okta, Cylance, Tenable.io, SumoLogic, FireEye, Varonis
- Monitor and respond to internal security alert notifications and escalations
- Develop and maintain up-to-date cybersecurity processes and procedures
- Manage an evolving vulnerability management program
- Vulnerability remediation
- Manage web application scans for all company Enterprise Technology and Media Technology groups
- Evaluate and onboard third-party new security products and vendors
- Mature and document a cybersecurity incident response program
- Define and provide meaningful monthly metrics for executive visibility into cybersecurity KPI’s
- Actively streamline and simplify workflows and processes. Leverage automation and orchestration for improved efficiency and efficacy where possible.
- Maintain an asset classification system to ensure that critical assets are identified and hardware inventory is maintained
- Work with Infrastructure and Workplace Technology to ensure all new devices are hardened to company standards and industry best practices
- 10+ years of technical experience in Information/Cyber Security or Network Engineering with at least 5+ years of experience in a security role.
- Bachelor/Masters degree in Cyber Security plus industrustry security certifications. CISSP and CEH preferred.
- Direct experience and administration Privileged Account Management and IAM
- Knowledge of Kali Linux and penetration testing utilities
- Experience with Network and Systems Infrastructure
- Moderate knowledge and experience with Cloud technologies (Amazon, Google Cloud)
- Experience planning, researching and developing security standards and procedures
- Event analysis capability, leveraging log sources and packet captures
- Incident investigation and response skill set
- Knowledge of networking fundamentals (TCP/IP, network layers, Ethernet, ARP, etc.)
- Knowledge of malware operation and indicators
- Scripting experience a plus (Python, Bash, etc.)
- Moderate to Advanced Knowledge of penetration testing techniques
- Knowledge or WIndows, Linux/Unix, IDS/IPS systems; Firewall and Proxy technology
- Moderate knowledge of audit requirements (SOX, GDPR, PCI, HIPAA)
- Strong organizational, communication, and interpersonal skills
- Good attention to detail and follow-up skills
- Experience in the Media and Entertainment industry a plus