Senior Security Engineer

Description

About sg360

sg360 partners with Fortune 1000 brands to pursue unmatched direct marketing performance. We leave no stone unturned in our efforts to drive smarter targeting, stronger messaging and improved ROI. Everything we do - audience analytics, strategic planning, creative development, production and distribution - we do in the pursuit of performance.

When you join us, you gain access to a comprehensive benefits package, including paid time off, holiday pay, health, dental, and vision insurance, life insurance, an education assistance program, short- and long-term disability, wellness resources, identity theft protection, and a 401k with employer match. Be part of a legacy of excellence and growth with sg360!

Our company is seeking a Senior Security Engineer to perform a combination of cyber security functions such as deployment, maintenance, testing, and investigation of cyber security products, to ensure secure internal network protocols are implemented and secure AWS cloud environment hosing the applications. This role will use problem solving based on the company's security, policy and compliance requirements as well as combination of forensic and analytical and technical skills in reviewing network interfaces and activities.

This is an on-site role. Candidates must be in a commutable distance or willing to relocate independently.

PRIMARY RESPONSIBILITIES

• Maintains all security systems and their corresponding or associated software, such as firewalls, intrusion detection/prevention systems, vulnerability management, SIEM, and anti-virus software.
• Design, implement, and manage security controls in AWS environments, including IAM policies, VPC security, encryption, and key management.
• Monitors and reports on security systems and end user activity audits.
• Triages potential security incidents, assist with resolution and escalates to incidence response Manager/Team as needed.
• Maintains and monitors endpoint protection software such as antivirus, MDR, and other security-oriented endpoint protection platforms.
• Implement and manage AWS security services such as AWS WAF, GuardDuty, and Security Hub.
• Recommends, schedules (where appropriate), apply fixes, security patches, assist with disaster recovery procedures, and any other measures required in the event of a security breach.
• Assist with remediation identified through the Vulnerability and Penetration testing.
• Implement scripting where applicable to automate processes.
• Assists with monitoring the overall operation of networks/Systems and participates in cyber security related problem resolutions.
• Assist with performing remediations based on audit requirements and identified gaps.
• Contacts hardware and software vendors to resolve technical problems.
• Provides end-user support and training for security related products, practices, and policies.
• Assist with deployments and maintenance of tools related to MDM, RBAC, PAM, IAM, Configuration management etc. to comply with HITRUST and SOC 2TYPE ii domain controls.
• Provides technical services to relating to use, operation, and management of technology.
• Keeps current with emerging cyber security events, trends and threat sources.
• Ensure compliance with industry standards and best practices (e.g., CIS, NIST, ISO 27001) for cloud security.
• Performs other duties as assigned.

Requirements

MINIMUM REQUIRED EDUCATION & EXPERIENCE

• Bachelor' s Degree or higher (Management Information Systems, Decision and Information Sciences, Computer Information Systems, Computer Sciences, etc.) or equivalent experience.
• At least five (5) of IT Audit experience OR at least six (6) years of experience in Information security engineering, with a focus on cloud security (preferably AWS).
• Strong experience in securing cloud environments, especially AWS, and on-premises infrastructure.
• Proficiency in communication, strong verbal skills.
• Strong project management skills and technical skills around security related tools.
• Possesses proficient understanding of: IT general controls (e.g., security, change management, disaster recovery & backup, infrastructure, etc.); SDLC/Agile methodologies, cybersecurity, and cloud.
• Possesses intermediate understanding of operating system and database platforms (e.g., mainframe, Active Directory, Windows, Linux, Oracle, etc.); network architecture; IT governance processes; IT risk management and assessment processes.

Preferred Certifications:

• Security +
• GIAC GSEC (Global Information Assurance Certification)
• SSCP (Systems Security Certified Practitioner)
• AWS Certified Security - Specialty

ADDITIONAL ELIGIBILITY QUALIFICATIONS

• Broad hands-on knowledge of firewalls, intrusion prevention/detection systems, anti-virus software, data encryption, and other industry-standard techniques and practices
• In-depth technical knowledge of network, PC, and platform operating systems
• Working technical knowledge of current systems software, protocols, and standards
• Strong knowledge of TCP/IP and network administration/protocols
• Familiarity with security frameworks such as, ISO 27001, SOC 2 TYPE II, HITRUST etc.
• Intuition and keen instincts to pre-empt attacks
• Ability to develop basic scripts in languages such as PowerShell or Python
• Knowledge of applicable practices and laws relating to data privacy and protection
• High level of analytical and problem-solving abilities
• Ability to conduct research into security issues and products as required
• Strong understanding of the organization's goals and objectives
• Strong interpersonal and oral communication skills
• Highly self-motivated and directed
• Strong organizational skills
• Excellent attention to detail
• Ability to effectively prioritize and execute tasks in a high-pressure environment
• Experience working in a team-oriented, collaborative environment

SG360 does not offer employment-based visa sponsorship now or in the future. Candidates must be legally authorized to work in the United States without the need for current or future visa sponsorship. This policy applies to all applicants, including those whose employment authorization may expire in the future and would require sponsorship to remain employed

SG360 is an Equal Opportunity Employer. We make employment decisions based on merit, qualifications, and business needs. SG360 does not discriminate on the basis of race, color, religion, sex, national origin, age, disability, veteran status, or any other status protected by applicable law.

SG360 will provide reasonable accommodations to individuals with disabilities in the hiring process, in accordance with applicable laws. If you require an accommodation to complete your application, please contact the location to which you are applying and ask to speak with the Human Resources representative.