Cybersecurity Governance Engineering – Security Engineer

Cybersecurity Governance Engineering – Security Engineer

Requirements

• Programming experience with at least one modern language such as Java, C++, or C# including object-oriented design
• Experience contributing to the architecture and design (architecture, design patterns, reliability, and scaling) of new and current systems
• In-depth knowledge of CS data structures and algorithms
• Understanding of existing Operational Portals such as Azure Portal
• Understanding of HTML-5, JavaScript/TypeScript, XML, and JSON
• Understanding of micro-services oriented architecture and extensible REST APIs
• Understanding of Azure Network such as security zones, VNETs, and Public Peered Services
• Understanding of Azure PaaS and IaaS services
• Understanding of security protocols and products such as of Active Directory, Windows Authentication, SAML, OAuth
• Experience in Datacenter structure, capabilities, and offerings, including the Azure platform, and its native services
• Knowledge of developer tooling across the software development life cycle (task management, source code, building, deployment, operations, real-time communication)
• 5+ years of security compliance framework experience
• Expertise with security standards such as SOX, PCI-DSS, ISO27K, SOC or NIST (some combination of these is ideal)
• Technical acumen required. Understanding of cloud, open sourced distributed systems are ideal
• Great at both collaboration and independent problem solving
• Superb written communication and technical research skills
• Ability to develop relationships and work effectively with different teams at all levels and across functions relative to technical, policy, and business concerns
• Ability to resolve conflicts and drive issues to resolution
• Work independently with little or no supervision while maintaining a high level of efficiency

Responsibilities

• Lead the automation efforts by understanding the information security policies, security standards, security technologies, GEICOs environment (multi-cloud, on-prem) structure
• Create a roadmap and a prioritized plan for automating security controls for continuous monitoring
• Define the programmatic control language, evidence required and frequency, type of assets for each automated control
• Create a unified security controls framework that maps back to security standards such as NIST CSF 2.0, PCI, NY DFS, SOX, etc., to collect evidence once to satisfy all relevant security standards
• Partner with security control owners, governance team, compliance team, other stakeholders on security controls automation
• Determine complimentary products and solutions to scale and expedite overall automation goals
• Partner with cloud technical teams (Azure, GCP, AWS, etc.) to deliver a successful outcome
• Comfortable rolling up your sleeves to design and code modules for infrastructure, application, and processes
• Solve specific security and business problems through automation, utilizing code, and integrating cloud-native and tools via API
• Align on requirements and communicate results and recommendations both verbally and in writing
• Educate relevant stakeholders about our solutions and potential opportunities
• Work closely with various teams to drive feature innovation based upon customer needs
• Utilize programming languages like Python, C# or other object-oriented languages, SQL, and NoSQL databases, Container Orchestration services including Docker and Kubernetes, and a variety of Azure tools and services
• Consistently share best practices and improve processes within and across teams
• Follow GEICOs developer standards and guidelines

Preferred Qualifications

• Bachelor’s Degree or equivalent experience preferred