"Alerted.org

Role Description

This role is part of a team responsible for administering security tools and projects for the safeguarding of the firm’s information systems. The Security Engineer focuses on working closely with various stakeholders in IT and development communities across SMBC Group Companies to ensure the overall Cyber Security of the firm. The Security Engineer will also act as a subject matter expert of various tools who uses expertise to resolve complex problems in consideration of established policies, guidelines or processes.

Role Objectives

You will be part of a Cyber Security team responsible for ensuring IT Security systems are configured, deployed, and maintained in accordance with polices and standards. The position requires participation in technical research and development to enable continuing innovation for Cyber Security and Information Risk Management.

+ Application Security and DevSecOps

+ Understanding of OWASP Top 10

+ Application Whitelisting

+ Cloud Computing and Security

+ Incident Response in the cloud.

+ Database security and monitoring

+ Email security

+ SPF, DKIM, DMARC and third party email providers

+ EndPoint Detection and Response

+ File Share access and Group Membership access reviews and certification

+ Firewall reviews and access and certification

+ Identity and Access Management & Governance

+ Incident Response end to end

+ Multi Factor Authentication

+ Zero Trust principles

+ Network Access Control

+ Network anomaly detection and response

+ Deep packet analysis experience required using wireshark/tcpdump.

+ Network Segmentation

+ Privileged Access Management

+ Python/Bash/PowerShell scripting required

+ Secure Browsing

+ Security Information and Event Management

+ Vulnerability scanning, security compliance and vulnerability management

+ Linux and Windows Security principles and Microsoft Active Directory.

Qualifications and Skills

+ 3-5+ Years of hands-on architecting, implementation and design experience required, designing globally scalable security solutions.

+ Solid Technical hands-on Cyber Security experience with implementation and management of several of the core security solutions mentioned above.

+ Strong knowledge of enterprise Information Security pillars, including Perimeter security, Identity Management and Governance, Privileged Account Management, Compliance, Penetration testing, Encryption, Cloud Security, Incident Response, Vulnerability Management.

+ Excellent communication skills, writing skills, and the ability to work with internal teams.

+ Be a performance-driven team player with an excellent attitude.

+ Able to follow priorities set by management.

+ Strong ability to deliver on time.

+ Strong ability to deliver quality.

+ One of the following certifications is required - CISSP, CISM, CCSP, OSCP, GIAC GCIH, GCTIA, GDSA or equivalent.

+ Ability to multi-task and work on several projects at the same time.

+ Ability to work in a fast-paced environment.

+ Ability to analyze vulnerabilities within the internal infrastructure and oversee timely remediation.

+ Ability to communicate information security concepts across a broad range of technical and non-technical staff.

+ Ability to translate business requirements into technical solutions.

+ Ability to adapt information delivery based on audience.

+ Good influencing, relationship and stakeholder management skill.

Additional Requirements

EOE, including Disability/veterans