Principal Cybersecurity Engineer

Company: Two Six Technologies
Location: Arlington, VA, USA
Salary: $151000 – $250000
Type: Full-Time
Degrees: Bachelor’s
Experience Level: Senior, Expert or higher

Requirements

  • Bachelor’s Degree in Computer Science, Information Technology (IT), or a related discipline, or equivalent combination of education and work experience
  • 8+ years of solid, diverse experience in Cyber Security Engineering and Incident Response
  • 2+ years of people management/leadership experience
  • Ability to lead, motivate and direct team members; and strong performance management skills to include coaching and goal setting
  • Ability to demonstrate analytical skills, technical knowledge, and practical application of cyber and information security principles from technical teams to senior executives
  • Knowledge of enterprise security solutions (Endpoint Detection and Response, Security Information and Event Management, IT services management and Cloud, etc.)
  • Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions via intrusion detection technologies
  • Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth)
  • Knowledge of an organization’s information classification program and procedures for information compromise
  • Proven experience in an information assurance, IT Risk and Compliance, information security, IT & Security audit, collaborating with external auditors (3PAOs) or other similar IT role involving IT security and compliance
  • High level of proficiency in supporting a variety of NIST 800-171 & CMMC functions, including: client environment as-is assessments, Plan of Action & Milestones (POAM) identification & documentation, non-compliance remediation and recommendations, policy and procedure creation, and separation of duties

Responsibilities

  • Work directly with team leads, developers and operations personnel both on policy and technical implementation of technologies.
  • Architect, design, implement, maintain and operate information system security controls and countermeasures; supervise and train operators in the administration of these systems; document the operation, use, and expected outputs of these systems.
  • Analyze and recommend security controls and procedures in business processes related to use of information systems and assets, and provide oversight to ensure compliance.
  • Monitor information systems for security incidents and vulnerabilities; develop monitoring and visibility capabilities; report on incidents, vulnerabilities, and trends to IT or executive management.
  • Oversee the response to information system security incidents, including investigation of, countermeasures to, and recovery from computer-based attacks, unauthorized access, and policy breaches; engage, interact and coordinate with third-party incident responders, including law enforcement.
  • Oversee the administration of authentication and access controls, including security/access roles, and access permissions to information assets.
  • Analyze trends, news and changes in the threat and compliance environment with respect to organizational risk; advise organization management and develop and execute mitigation of risk; oversee risk and compliance self-assessments, and engage and coordinate third-party risk and compliance assessments.
  • Analyze and oversee the development of information security governance, including organizational policies, procedures, standards, baselines and guidelines with respect to information security and use and operation of information security management frameworks such as NIST 800-171 and CMMC 2.0.
  • Oversee the development and administration of information security training and awareness programs.

Preferred Qualifications

  • CISSP Certification
  • Direct experience in network security (SOC, SIRT, CSIRT) investigating targeted intrusions through complex network segments
  • Experience working as a part of a Third Party Assessment Organization (3PAO)
  • Linux and scripting languages experience
  • Demonstrated skill in identifying, capturing, containing, and reporting malware
  • Experience with Cloud Computing Technologies (AWS, GCP, Azure)
  • AWS Certification
  • Experience administering additional security tools such as VPN, Sumo Logic, Qualys, and Automox