"Alerted.org

Sr. Security Engineer

Description

JOB SUMMARY

The Security Engineer for Golden State will leverage processes and technology to ensure the organization’s systems and data are secure. Acting as a key cybersecurity stakeholder, the security engineer will devise and manage a security roadmap that maintains and strengthens the company's security posture. This is a hands-on role that requires active participation in assessing and remediating security vulnerabilities and managing security incidents. Success in this role requires an individual who is organized, assertive, resourceful and an excellent communicator.

ESSENTIAL FUNCTIONS

(% of time may vary depending on assignments/projects)

1. Cybersecurity Operations

+ Execute cybersecurity processes, procedures, and policies

+ Lead and/or participate in cybersecurity investigations. Work with other team members to find and validate indicators of compromise.

+ Participate in threat hunting activities using tools and data available; make recommendations to enrich data sources for more accurate correlation

+ Work with other team members to remediate security threats and compromises

+ Work with other team members to identify root cause of security incidents and formulate preventative action plans

+ Monitors and assesses the company’s security landscape on a continual basis. Prioritizes urgent security patches and remediations as needed.

+ Leverage vulnerability scanning tools to ensure security patches have been properly applied.

+ Promote awareness. Draft regular cybersecurity bulletins and tips to the end-user community. Conduct training sessions.

+ Partner with and manage security service providers

+ Lead and/or participate in regular security team meetings; prepare status reports

60%

2. Production Support

+ Support and maintain the cybersecurity platform (vulnerability management, web proxies, endpoint and email protection, SIEM, privileged account management, etc...)

+ Process requests related to security tools (e.g. firewall exceptions, web usage reports)

+ Perform and/or coordinate patches and upgrades to these systems as needed

+ Address any security questions from internal and external audits and examinations.

+ Perform security and risk assessments on potential affiliates, technology solutions and service providers

25%

3. Security Roadmap

• Continuously assess the organizations security posture, report findings and make recommendations

• Stay up-to-date on cybersecurity best practices, trends and technologies.

• Evaluate additional security products and services as needed

15%

TRAVEL EXPECTATIONS

+ Regular travel requirements (None)

MINIMUM QUALIFICATIONS

Education/Certification

+ Four-year college preferred or commensurate work experience.

+ Certified Information Systems Security Professional (CISSP), or related certification.

Experience

+ 4+ years experience as a cybersecurity analyst/engineer

+ Previous experience as a client/server or infrastructure engineer

+ 3+ years conducting IT compliance exercises (system access audits, penetration tests, change management audits)

ESSENTIAL KNOWLEDGE, SKILLS AND ABILITIES

Expert

• Antivirus/Malware Software (SentinelOne, CrowdStrike)

• Cybersecurity Frameworks (NIST, ISO 27000)

• Security Incident Response Frameworks

• Vulnerability Scanning and Management tools (e.g. Tenable, Rapid7)

• Email Protection (Mimecast, ProofPoint)

Proficient

• PowerShell, BASH

• IPS/IDS Technology

• Web Gateways

• SIEM Technologies (i.e. Exabeam, Splunk)

• Networking Concepts

• Client and Servers Operating Systems (e.g. Windows, Linux)

• Active Directory & Azure AD

• Microsoft 365

• Cloud Firewall (Zscaler)

• MFA/2FA

• SSO (SAML, OAUTH)

Basic

• Web Services

• ServiceNow

• Agile Methodology

• Patching Tools (SCCM)

• Enterprise Architecture

• Backup Technologies (i.e. Veeam, Cohesity, CommVault)

• PCI Compliance

• Privileged Access Management (i.e. Thycotic, CyberArk)

• Apple iOS

• ITIL

• Database Technologies (SQL, Oracle)

CORE COMPETENCIES

The following universal core competencies apply to every job at Golden State Foods. Performance expectations are based on the specific job and grade level.

GSF VALUES

Maintains the highest standards. Treats others the way you’d like to be treated. Makes the best product. Gives the customer a fair deal.

TRUST

Exhibits sense of fairness. Leads by example. Consistently lives the Values and Creed.

INSPIRATION TO OTHERS

Walks the talk. Is supportive of others. Helps others develop great ideas. Looks for the best in others. Rewards positive performance. Finds ways to succeed, not reasons to fail. Is willing to do jobs “below them”. Addresses failures in the process, not the people. Accepts responsibility for own failures. Creates vision for team.

DRIVES TOWARDS HIGHEST QUALITY RESULTS

Is creative and innovative. Is a prudent risk-taker. Always looks for new methods and better ways to run the business. Meets annual goals and objectives. Has a passion for the business. Is willing to change. Puts forth quality efforts.

INTEGRITY

Represents self honestly in all situations, even if it exposes mistakes or weakness. Gives the customer a fair deal. Always does the right thing, even when no one is watching. Walks the talk. Meets commitments. Applies rules across all levels – no exceptions.

OPEN & HONEST COMMUNICATION

Is timely in communications in both directions. Listens actively. Speaks directly, (say what you mean – mean what you say). Listens with empathy and without judgment. Gets all the facts before jumping to conclusions.

TEAM PLAYER/PARTNERSHIP

Shares success with others. Recognizes others’ achievements timely. Reacts constructively to mistakes. Puts other’s success first. Values team over individual. Creates win/win situations.