Senior Security Engineer
Great opportunity to own, design, and build an IT Security & Risk Management program from the ground up at a growing company! We are replacing our MSP, and you will be tasked with the design, implementation, and ongoing maintenance of our security program encompassing risk management processes and security measures to protect the company’s systems, networks, and data. You will work closely with the VP, Infrastructure & Cybersecurity Engineer, and a Security Engineer.
This is a direct hire / hybrid position in the Cumberland area. You can telecommute 1 day/week.
We offer a bonus program and comprehensive benefits.
RESPONSIBILITIES:
- Design, implement, and maintain a security program including risk management processes and security measures that protect the company’s systems, networks, & data. Currently our network and security are supported by an MSP, and we are bringing them mostly in house.
- Design and implement secure architecture for apps & infrastructure (on-prem & cloud).
- Develop and maintain security policies, standards, & guidelines.
- Work with Enterprise Systems to develop & implement code scanning into CI/CD pipelines.
- Implement vulnerability security testing tools and frameworks.
- Conduct threat modeling & risk assessments.
- Assist in assessing readiness and ensuring compliance audits pass for applicable data protection laws & regulations (i.e., PCI DSS).
- Assess gaps in security practices and propose appropriate solutions.
- Collaborate with Development, Ops, & IT to promote security best practices, including SLAs, availability, continuity, system security, documentation, technology adoption, & planning.
- Advocate for security within the organization.
- Assist in preparing & executing cyber security incident response plans, exercises, & events.
- Assist in preparing & exercising Resilience, Incident Response, BCP, & DR plans.
- Support the Security Awareness Program.
- Manage annual third-party penetration testing & track findings through remediation.
- Build & participate in a third-party risk management program.
- Perform vendor & partner risk assessments.
- Perform security audits on apps & infrastructure.
- Perform other security projects, as needed.
- Stay updated with the latest security trends, threats, & technologies.
REQUIRED SKILLS:
- 10+ years as an IT Security Engineer
- Experience in designing & building security programs
- Strong understanding of network security, cryptography, & secure coding practices
- Experience with security protocols & technologies, including SSL/TLS, VPNs, & MFA
- At least 1 major security certification (e.g., CISSP, CEH, OSCP, CISM, etc.)
- Scripting experience (e.g., Python, Bash) for automation & security tool integration
- In-depth knowledge of security best practices & frameworks (e.g., OWASP, NIST)
- Cloud security experience (highly prefer Azure)
- Security tools & technology experience (e.g., firewalls, IDS/IPS, SIEM, antivirus software/EDR)
- Excellent communication skills
PREFERRED SKILLS:
- Azure cloud experience
- Bachelor’s or Master’s degree in Cybersecurity, Computer Science, IT, or a related field
- Knowledge of regulatory requirements/standards (i.e., ISO 27001, NIST, GDPR)
W2 ONLY; NO 3rd Parties / C2C / Visa Sponsorship