At Stericycle, we deliver solutions and drive innovations that protect the environment, people, and public health. This includes working to create a more sustainable, shared future. Our innovative solutions make a difference in people's lives, communities, and our planet by protecting their health and well-being. Change your career. Change your world. Join Stericycle and help protect health and well-being in a safe, responsible, and sustainable way.
Position Purpose:
The Cybersecurity Engineering Sr is accountable for platform/product management. This position is responsible for deployment and support of technologies in the cybersecurity practice. The role facilitates the functional and technical requirements for the product suite, and directs/governs the application of the technology used. This hands-on role is accountable for designing, developing, and ultimately deploying new cybersecurity technologies within Stericycle's Cybersecurity program.
Key Job Activities:
- Handle day-to-day implementation, monitoring, and operational support of hardware, software, and managed solutions and service provider relationships.
- Engage in information security projects that evaluate existing security infrastructure and propose changes as defined by security leadership and architects. Additionally, deliver projects on time, within budget and in accordance with service level agreements (SLAs).
- Assist with incident response and system stability issues as they occur. This may include involvement outside of regular work hours, and responsiveness is expected.
- Implement solutions observing compliance with Health Information Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley Act (GLBA), Payment Card Industry (PCI), Sarbanes-Oxley Act (SOX), and privacy laws.
- Queue Management for cybersecurity tickets (i.e., Phishing email analysis, EDR alerts, etc.)
- Respond to and handle service and escalation tickets within SLA expectations.
- Management of penetration testing and vulnerability scanning and reporting.
- Participate regularly in change project and change management meetings.
- Research, validate, and deploy solutions meeting security and business needs.
- Follow security engineering fundamentals and processes as outlined in NIST 800-160.
- Influence the planning and execution of incident response and postmortem exercises, with a focus on creating measurable benchmarks to show progress (or deficiencies requiring additional attention).
- Perform other duties and responsibilities, as assigned.
Education:
Required Education: Bachelor's Degree or Equivalent
Experience (North America):
- Bachelor's Degree or equivalent
- 5-7 years of experience in information technology and cybersecurity, including compliance and risk management with a system and network security engineering background.
- Solid technical and analytical expertise, with a proven deep background (preferred 5+ years IT experience in addition to cybersecurity) in technology design, implementation, and delivery.
- Experience in cloud computing technologies, including software-, infrastructure-, and platform-as-a-service, as well as public, private, and hybrid environments.
- Knowledge of traditional security controls and technologies, such as Security Information and Event Management (SIEM) systems, intrusion detection/prevention systems (IDS/IPS), public key infrastructure (PKI), identity and access management (IDAM) systems, antivirus and firewalls, in addition to newer offerings such as endpoint detection and response (EDR), threat intelligence platforms, security automation and orchestration, deception technologies, and application controls.
- Skilled in meeting vulnerability and penetration testing requirements.
- Track record of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively.
- CISSP, Security+, GISE, SysaPlus - any and all are preferred.
Certifications and/or Licenses:
Certified Information Systems Security Professional (CISSP)
#J-18808-Ljbffr