We are looking for a Cybersecurity Engineer for a contract to hire position with our client in Stamford, CT. Please review the job details and send qualified resumes to email@example.com.
The Cybersecurity Engineer plays a critical role in
safeguarding Enterprise Technology assets. This role will report to the VP of
Cybersecurity & Network and be responsible to plan and carry out security
measures to monitor and protect sensitive data and systems from infiltration,
exfiltration, and cyber-attacks. The successful candidate is versatile, takes
initiative, can manage multiple priorities at the same time, weigh risks and
articulate security concerns and controls to technical and non-technical audiences.
He/she must have a “security first” mindset, keep up to date on newly emerging
threats and industry best practices around cyber security.
· Lead security-related projects from inception to completion.
· Participate in technical projects requiring Cybersecurity oversight and ensure policies, procedures and standards are met.
· Recommend new solutions and make improvements to existing security controls that support and enable business innovation.
· Conduct internal verification and validation testing of technology infrastructure to identify security gaps and weaknesses.
· Develop and recommend necessary changes to the technology environment to ensure systems are compliant with regulatory requirements and privacy laws.
· Assist with security configuration standards for systems and business applications.
· Define and enforce Cybersecurity policies and procedures
· Identity and Access Management
· Privileged Account Management
· Running audit reports and maintaining policy compliance
· IaaS security oversight (AWS, GCP)
· Follow standard best security practices and recommend security enhancements to management
· Monitor security industry breach notifications and vulnerability alerts; Identify emerging risks to and escalate accordingly
· Administer, update and configure Infrastructure cybersecurity tools, such as BeyondTrust, Carbon Black, Duo, Cylance, Tenable.io, SumoLogic, FireEye, Varonis
· Monitor and respond to internal security alert notifications and escalations
· Develop and maintain up-to-date cybersecurity processes and procedures
· Manage an evolving vulnerability management program
· Vulnerability remediation
· Manage web application scans for all Enterprise Technology and Media Technology groups
· Evaluate and onboard third-party new security products and vendors
· Mature and document a cybersecurity incident response program
· Define and provide meaningful monthly metrics for executive visibility into cybersecurity KPI’s
· Actively streamline and simplify workflows and processes. Leverage automation and orchestration for improved efficiency and efficacy where possible.
· Maintain an asset classification system to ensure that critical assets are identified and hardware inventory is maintained
· Work with Infrastructure and Workplace Technology to ensure all new devices are hardened to company standards and industry best practices
· 10+ years of technical experience in Information/Cyber Security or Network Engineering with at least 5+ years of experience in a security role.
· Bachelor/Masters degree in Cyber Security plus industry security certifications. CISSP and CEH preferred.
· Direct experience and administration Privileged Account Management and IAM
· Knowledge of Kali Linux and penetration testing utilities
· Experience with Network and Systems Infrastructure
· Moderate knowledge and experience with Cloud technologies (Amazon, Google Cloud)
· Experience planning, researching and developing security standards and procedures
· Event analysis capability, leveraging log sources and packet captures
· Incident investigation and response skill set
· Knowledge of networking fundamentals (TCP/IP, network layers, Ethernet, ARP, etc.)
· Knowledge of malware operation and indicators
· Scripting experience a plus (Python, Bash, etc.)
· Moderate to Advanced Knowledge of penetration testing techniques
· Knowledge or Windows, Linux/Unix, IDS/IPS systems; Firewall and Proxy technology
· Moderate knowledge of audit requirements (SOX, GDPR, PCI, HIPAA)
· Strong organizational, communication, and interpersonal skills
· Good attention to detail and follow-up skills
· Experience in the Media and Entertainment industry a plus