Security Engineer III

Responsibilities:

1. Support security team projects such as threat modeling, vulnerability scanning and audits
2. Conduct design reviews, testing of new infrastructure, and uplift the security posture for existing environments
3. Build capabilities for automated evidence gathering through integration with our GRC program
4. Execute risk and threat analyst activities, demonstrating findings from external and internal cyber trends and incidents
5. Propose and implement creative solutions to protect data across multiple platforms including endpoint, email, network, databases, and cloud applications
6. Collaborate with software engineers, DevOps and infrastructure teams, product owners, and across security teams to understand how data is used, what protections are needed, and implement solutions
7. Support incident, security alert, and vulnerability response in collaboration with other products and the cybersecurity team
8. Drive security engineering projects to eliminate attack vectors, harden the platform, and enhance monitoring and intrusion detection systems
9. Lead discussions, assessments, tracking, and overall reporting of technology security risks
10. Develop security playbooks and runbooks to automate security mitigation tasks
11. Engage with our third-party MSSP to assist in tuning our SIEM for advanced security log coverage
12. Manage the effectiveness of tooling, rationalizing tools as needed, and identifying tool requirements, as necessary
13. Engage with teams to identify shared problems and develop automation
14. Define metrics and key performance indicators to determine the effectiveness of the Security automation program
15. Assess APIs and application endpoints for security deficiencies
16. Lead cross-collaboration to provide guidance for complex infrastructure security engineering initiatives
17. Provide input on the vision and security systems in use across our infrastructure
18. Demonstrate technical leadership to ensure software development best practices are being utilized
19. Influence the continuous improvement of the security program across the security and infrastructure ecosystem
20. Provide ongoing assessments of the evolution of incident response tools and capabilities
21. Perform ongoing monitoring of production security tools
22. Provide assistance to more senior level staff as necessary
23. Assist in the documentation of the security program
24. IAM - Solution research, assessment, and on-going security advisement as needed
25. IoT - Solution research, assessment, and on-going security advisement as needed
26. Endpoint Security - Solution research, assessment, deployment, and on-going support
27. Vulnerability management – Review, assessment, and escalation of vulnerabilities discovered via scanning tools
28. Work with third-party firms to perform periodic penetration testing of networks, web-apps, wireless environments
29. Perform advanced threat hunting on an ongoing basis
30. DLP with Data Classification - Solution research, assessment, deployment, and on-going support

Other Skills & Abilities:

1. Knowledge of risk management frameworks and applying risk methodologies
2. Understanding of conducting risk and/or self-assessment activities to identify key risk areas in the business
3. Experience associated with 3rd party risk assessments and understanding security in-depth principles to measure risk
4. Knowledge of security auditing procedures
5. Understanding of DevOps and CI/CD practices and tools
6. Enthusiasm for scalable, reproducible security management
7. Experience with applying to an Azure and/or AWS cloud infrastructure is desirable
8. Proficiency with data formats and query languages (Example: KQL, PowerShell, XML, REST APIs and JSON, Regular Expression, etc.)
9. Experience working with advanced firewalls, DNS filtering, and log management systems is desirable
10. Experience working with advanced email security systems and filtering is desirable
11. Experience with security compliance monitoring tools including SIEM tools, GRC platforms, vulnerability scanning tools, DLP (Data Loss Prevention) PAM (Privileged Access Management), SASE, and other infrastructure security tools
12. Industry certification highly preferred in one of the following areas: (e.g., CISSP, CISM, CRISC, MS-500, SANS, or Security+)
13. Familiarity with standards such as ISO 27001/27002 or the NIST Cybersecurity Framework is highly preferred
14. Knowledge of current data privacy laws (CCPA and GDPR) are preferred
15. Excellent verbal and written communication skills and excellent time management abilities
16. Strong customer orientation and excellent interpersonal and communication skills are a must

Education & Experience:

1. 7+ years of experience working with security frameworks and implementing cyber security controls across a heterogenous environment
2. Experience with public cloud architecture, cloud strategy, networking, security, and compliance workload types
3. Experience with traditional on-prem infrastructure management and auditing
4. Cybersecurity or similar discipline bachelor's degree highly preferred

CERTIFICATION AND LICENSES:

Professional certification may be required in some areas.

WHY SHOULD YOU WORK FOR CRANE?

At Crane, we believe in providing our employees with excellent benefits at a Great Place to Work.

We offer:

1. Quarterly Incentive Plan
2. 136 hours of Paid Time Off which equals 17 days for the year, that can be used for Sick Time or for Personal Use
3. Excellent Medical, Dental and Vision benefits
4. Tuition Reimbursement for education related to your job
5. Employee Recognition and Rewards Program
6. Paid Volunteer Time to support a cause that is close to your heart and contributes to our communities
7. Employee Discounts
8. Wellness Incentives that can go up to $100 per year for completing challenges, in addition to a discount on contribution rates

Come join the leader in logistics and take your career in the right direction.

Disclaimer:

The above statements are intended to describe the general nature and level of work being performed by people assigned to this position. They are not to be construed as an exhaustive list of all responsibilities, duties, and skills required of personnel so classified. All personnel may be required to perform duties outside of their normal responsibilities from time to time, as needed.

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

We maintain a drug-free workplace and perform pre-employment substance abuse testing.

This position requires the final candidate to successfully pass an E-Verify Check.

Company benefits are contingent upon meeting eligibility requirements and plan conditions.