The cybersecurity engineer works with the product cybersecurity program to help architect, deploy and operate a secure cloud application infrastructure that aligns with business needs. In tandem with cybersecurity leadership, security engineers consistently assess the threat landscape and adapt quickly to protect the business from risk. They must be highly technical and possesses experience in security and systems administration across a wide variety of cloud and mobile architectures. They are also expected to have a strong work ethic, leverage analytical and critical thinking, and be skillful at meeting change requests at a moment’s notice. Because the role often interfaces with other business units, strong listening and communication skills are expected. This role is dependent on experience – employees with more experience may take on more responsibility in the following tasks.
Attend regular technical project and implementation meetings and serve as the security consultant to help guide secure practices.
Align with architects and development teams for a mission of secure design.
Document, formulate and enforce areas of security improvement that balance risk with business operations and do not diminish efficiencies or innovation.
Participate in technical projects requiring information security
Participate in threat modeling collaboration with other members of the development and security teams. Stay current with and remain knowledgeable about new threats.
Leverage automation and orchestration solutions to automate repetitive tasks.
Assist with incident response as events are escalated, including triage, remediation and documentation.
Aid in threat and vulnerability research across event data collected by systems.
Oversight and to ensure policies, procedures and standards are met.
Develop security test plans from architectural design. Identify deficiencies and make enhancements to ensure production is not impacted.
Drive security efficiencies, enabling security team members to work on more advanced tasks.
Stay apprised of current and proposed security changes impacting regulatory, privacy and security industry best practice guidance. Apply learned knowledge across key lines of business, including products, practices and procedures.
Attend and fully engage in change and project management meetings.
Perform other duties as assigned.
Bachelor’s degree or an equivalent combination of education and work experience.
0-5 years cybersecurity or IT management system experience with a strong preference for product security experience (consumer facing apps and services).
Holds one or more cybersecurity certifications including: CCSP, CISSP, AWS Certified Cloud Practitioner or additional AWS advanced certifications such as AWS Certified DevOps Engineer, VMware Certified Professional or has completed necessary cyber coursework.
Self-motivated, well-organized, and able to position controls in anticipation of threats.
At least 2 years of technical cybersecurity experience.
Understanding of OWASP, CVSS, the MITRE ATT&CK framework and the software development lifecycle (SLDC).
Experience in threat modeling.
Ability to effectively communicate business risk as it relates to cybersecurity.
Up-to-date understanding of a wide range of incident response, system configuration, vulnerability management and hardening guidelines.
Experience in incident response and system monitoring and analysis.
Track record of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively.
Bachelor’s degree in computer science, information assurance, cybersecurity, forensics, or related field, or equivalent industry experience.
Mobile and embedded software cybersecurity experience
Cloud access security broker (CASB) experience
Experience working with SIEM systems, threat intelligence platforms, security automation and orchestration solutions, intrusion detection and prevention systems (IDS/IPS), file integrity monitoring (FIM), DLP and other network and system monitoring tools.
Vulnerability and penetration-testing skills.
Experience with applications hosted in Amazon Web Services (AWS) or Microsoft Azure.
Experience with cryptography controls and measures to secure applications and data.
DevOps background in public and private clouds.
Solid understanding of network and web protocols.
Experience with security of intra-company and third-party APIs.
Experience with dynamic and static analysis tools.
Possesses highly effective communications skills with the ability to influence business units.
Acts with integrity, takes pride in work and seeks to excel, be curious and adaptable.
Displays an analytical and problem-solving mindset.
Is highly organized and efficient.
Leverages strategic and tactical thinking.
Works calmly under pressure and with tight deadlines.