Senior Cyber Security Engineer
To ensure the secure operation of the Investors Bank's computing systems, servers, and network connections. This includes enforcing policy, checking logs, scrutinizing network traffic, establishing and updating security system components and features, auditing, and troubleshooting. This position requires hands-on technical expertise in conjunction with knowledge of vulnerability management, Patch management, with scripting experience. This position also encompasses responsibility for secure design, configuration, build and management of the technology infrastructure to support the business.
- Help determine Security Strategy for the company.
- Architect, Design, Implement and maintain security standards and solutions.
- Conduct in collaboration with security vendor Social Engineering annual campaigns.
- Serve as day-to-day security technology engineer team technical lead.
- Manage multiple concurrent projects, ensuring tasks are completed on time and within budget.
- Experience configuring, implementing and leveraging computer security and networking diagnostic/monitoring tools.
- Properly ascertain risk to these systems and provide appropriate security strategies, requirements and solutions for various enterprise-wide products.
- Deliver artifacts, technical alternative documents and architectural design that meet business requirements; oversees design reviews and frameworks.
- Act as a security SME by providing technology expertise and oversight as it pertains to secure design, development and implementation of information technology solutions with a primary focus on security, networks, servers, applications and other infrastructure.
- Partner with IT Engineers to pilot and implement security solutions.
- Supports the oversight of vulnerability management tool, manage remediation of monthly assessments to include meetings with key stakeholders.
- Provide education and coaching to support the Security Awareness Program for new hires and monthly security communications to all bank end-users. This will require traveling to our Short Hills office to conduct instructor lead training.
- Be able to identify potential risks, document and communicate weaknesses in company security posture and propose complete solutions with cost estimates to management.
- BA/BS Degree in MIS, Computer Science, or equivalent experience in Platform Security and Cyber Security Engineering.
- 7-10 years of IT Security experience.
- Current Certified Information Systems Security Professional (CISSP), Security+, or relevant vendor security certification is preferred.
- Architecture, design, implementation and maintenance of security solutions.
- Strong Security experience with Windows environments, including Servers, Desktop, Active Directory.
- Experience with Penetration testing, understanding how to interpret the results and formulate a remediation plan.
- Experience with creating Policies, Security Standards and Standard Operating Procedures (SOP).
- Experience dealing with external and internal auditors to review security findings and its associated controls.
- Strong Automation & Scripting Skills (PowerShell and Python is a PLUS).
- Incident Response is a big plus.
- Working knowledge of host/network common vulnerabilities and exploits (CVEs, IAVAs, etc.), hacker methodologies and tactics, and the tools used.
- Strong technical and leadership skills that will provide insight to current security initiatives and products to drive differentiation in the market place.
- Ability to think with a security mindset. The successful candidate has a strong IT background with in depth knowledge of several key security practice areas: application security; network security, infrastructure security, vulnerability management and patch management.
- Knowledge of Internet Protocols, Information Security concepts, and application and database operations.
- Knowledge of banking technologies, applications, and security.
- Strong understanding of vulnerability testing in addition being able to coordinate tests, interpret the results & work towards mitigating the vulnerabilities identified.
- Strong understanding of Security principals, standards, best practices and implementation and adherence to them.
- Strong understanding and experience with user policies/training/behavior.
- Experience responding to incidents and coordinating quarantining, resolution and forensics.
- Strong oral & written communication skills as we as interpersonal skills to work with various internal teams.
- Experience with security solutions that align with customer compliance requirements and industry standards like PCI, SOX, NIST, ITIL, and CIS.