Cybersecurity Engineer II

Cybersecurity Engineer II

Title: Cybersecurity Engineer II

Location: Remote

Org Unit: IT Security

Work Days:

Weekly Hours: 35.00

Exemption Status: Exempt

Salary Range: $134,600.00 - $154,900.00
*As required under NYC Human Rights Law Int 1208-2018 - Salary range for this role when Hired for NYC Offices

Position Summary

This position involves all technical aspects of security and requires participation in project-oriented work. Role works closely with other domain engineers and architects. This position provides the opportunity to participate in multiple areas of IT infrastructure by using risk analysis, industry knowledge, security standards, and other tools to develop and implement security solutions for WCM's environment without diminishing productivity.

This role assumes ownership of complex security tools and trains analysts, as well as implements new technologies with help of senior engineers and architects.

Job Responsibilities

• Improves efficiency by automating and orchestrating repeatable tasks.
• Assumes ownership of complex security technologies and trains security analysts for operational readiness.
• Implements new security technologies such as DLP, email security, CASB, NAC, WAF, 'passwordless' authentication, and more with oversight from senior engineers and architects.
• Enhances the vulnerability management process and develops technical solutions to help mitigate security vulnerabilities and conduct research to identify new attack vectors against WCM systems.
• Develops and maintains metrics and reports to provide senior management insight and evidence supporting effectiveness of security infrastructure, controls, projects and processes.
• Ensures WCM security and identity management infrastructure is running optimally and effectively.
• Fosters close working connections with staff and management to ensure the design and operations for WCM applications and infrastructures while acquiring and retaining comprehensive working knowledge of all infrastructure and relations systems.
• Responsible for innovative security work identifying, deploying, and identity, and related technologies.
• Performs other related duties as assigned.

Education

• Bachelor's Degree

Experience

• Bachelor's degree in a related field or equivalent experience.
• 5 or more years of experience with network security technologies including IDS/IPS, stateful and application firewalls, network access control, and network segmentation.
• 5 or more years of security experience;
• Experience in Ruby, Python, SQL, and/or shell scripting.
• Experience with incident detection and response.
• Experience with logging and security incident and event management systems (Syslog, Splunk, etc.).
• Experience with network and vulnerability scanning and management tools (nmap, nexpose, metasploit, etc.).
• Experience in incident response, penetration testing, applications security, network security, systems security or malware analysis.
• Expert understanding of information security and related technologies, such as encryption, authentication, access controls, mobile device management, vulnerability scanning, and authentication.
• Extensive knowledge in networking protocols (TCP/IP) and service protocols (HTTP, HTTPS, LDAP, SSL, SSH, SMTP, DHCP, DNS).
• Strong understanding of web security standards, architecture, web security best practices and application security best practices.
• Comfortable working with technologies at all levels of the OSI model, layers 1 through 7 desired.
• Information Security or networking certifications i.e. Security+, CEH, GIAC, CCNA Security, CISSP or CCNP desired.
• Previous experience within Information Technology at Health Care or Academic Institution and knowledge of regulatory requirements (HIPAA, FERPA, PCI, etc.) desired.
• Strong understanding of virtualization and Cloud (SaaS, PaaS, IaaS) technologies and can make recommendations on its use and its security desired.

Knowledge, Skills and Abilities

• Ability to create and present diagrams and reports for technical and non-technical audiences.
• Excellent written and verbal communication skills, on both technical and non-technical topics.
• Ability to deliver under tight deadlines and work off-hours as needed.
• Ability to produce professional-level documentation and reporting using Microsoft Office.
• Ability to think outside the box in terms of designing systems and solutions.
• Expert problem solving and decision-making skills and the ability to make decisions independently.
• Familiarity with SharePoint, Box, Confluence, ServiceNow or similar documentation storage and management systems.
• Fluency in navigating and using Mac OS X, Red Hat Linux, and/or Windows 7/2008/10/2016.
• Must be able to work in a very demanding and high-pressure environment.