Sr InfoSec Engineer
• Implement and model security practices for enterprise and cloud environments using an intelligence and threat-driven defense model.
• Identify technology gaps and deficiencies by conducting risk assessments; develop plans to remediate.
• Ensure the department' s practices and procedures meet risk management policies/standards/procedures to detect and deter information technology and information security risks.
• Drives security processes and procedures across development and operations teams
• Interact with technology teams to understand business imperatives, document policies, and generate security requirements
• Monitor and anticipates trends and investigates organizational objectives and needs.
• Monitor and create playbooks as a response to security incidents.
• Facilitate the completion of effective regulatory examinations and audit reviews of information risks, when required.
• Escalate emerging risks, non-compliance with policies/standards/controls, policy exceptions and risk tolerance breaches in a timely manner.
• Work and coordinate with management and department heads across the enterprise.
• A minimum of 4-6 years’ experience in an enterprise security role
• A minimum of 2 years' experience in a lead or Senior engineer role
• Strong technical skills and the ability to learn and continue to maintain cutting edge skills and knowledge on a variety of technical areas (Unix/Linux, Application Security, Vulnerability Management, etc.).
• Experience with security architecture frameworks in cloud-based environments (AWS, Openstack, VMware, etc.) is strongly preferred
• Experience planning, designing, and implementing risk management processes for the organization.
• Demonstrated experience with deploying an information security automation frameworks, e.g., SOAR.
• Experience assessing and evaluating risk, as well as identifying, describing, and estimating the risks affecting the business.
• Knowledge of Cloud Security Alliance (CSA) best practices and guidelines
• Expertise with IAM protocols such as OAuth2.0, OIDC, SAML 2.0, authorization policies (such as XACML)
• Have a sense of urgency in implementing programs and evaluating priorities; decisive, action-oriented and practical.
• Willingness to challenge and question the status quo, making recommendations for options and best solutions.
• Be organizationally astute, with superior influencing, collaboration and communication skills.
• Personal presence, intellect, energy and drive to succeed in a high-performance environment.
• Able to analyze and think through highly complex issues.