EDUCATION AND/OR TRAINING:

• Bachelor’s degree in Information Security, Computer Science, Information Systems or relevant work experience.
• Security certifications such as Security+/GSEC/CISSP/other GIAC or advanced technical certifications are a plus but not required.
• Microsoft Azure Architect Expert, Azure Security Engineer, Azure Security Architect Expert, AWS Solution Architect Expert certifications a plus but not required.

RELEVANT WORK EXPERIENCE:

• 6-8 years of combined Information Security and Technical Engineering Experience.
• Strong experience and knowledge with operating systems, networking, cloud and security platforms tools. This includes assessing, designing, implementing, and maintaining systems and security controls.
• Strong experience with common information security management frameworks, MITRE ATT&CK, NIST Cyber Security Framework, NIST 800-53, CIS Critical Security Controls, International Standards Organization (ISO) 27001/27002
• Robust breadth and depth of technical expertise in security operations and other related areas within information technology departments such as Infrastructure, Engineering, Networking or Development.
• Strong experience with securing cloud environments (e.g., AWS, Azure) and implementing security controls in a cloud-native or hybrid architecture.
• Strong proficiency in scripting and programming languages, such as Python or PowerShell.
• Knowledge of evaluating OWASP and integrating security controls into DevOps and Developer pipelines.
  

  LI-BS1

• Designs and develops security solutions and controls for complex environments, ensuring the integration of security controls and compliance requirements.
• Collaborates with stakeholders to understand business requirements and translate them into effective security solutions and controls.
• Evaluate, deploy, and configure security tools and technologies to enhance the security posture of the organization. Provides security control knowledge and design concepts to Information Technology Teams
• Proficiency in performing risk assessments and providing requirements to business and IT across on-premises, hybrid, and cloud (Azure and AWS) workloads.
• Familiar with developing, planning, and deploying cloud technical policies (Azure Policy) and coordinating impact to IT resource owners to ensure success
• Proficiency with Cloud Security Posture Management (CSPM) tooling and instituting shift-left security into CICD pipelines.
• Familiarity with Microsoft Cybersecurity Reference Architecture, Azure Security Benchmarks, AWS Benchmarks, and Cloud Well Architected Frameworks.
• Partners with vendors and internal teams to conduct assessments and optimization of security solutions and products to optimize value and effectiveness of solutions.
• Evaluates existing solutions, threat landscapes, and market capabilities and proposes changes to existing portfolio to improve effectiveness, cost, and efficiency of solutions.
• Maintain accurate and up-to-date documentation of security controls, configurations, and procedures.
• Researches, evaluates and recommends for enterprise level security products and technologies that align with the organization’s needs and goals.
• Leads the implementation and deployment of enterprise security solutions. This includes configuration, fine-tuning security controls, integrating them with existing systems, and ensuring proper functionality and interoperability.
• Create comprehensive documentation, including design documents, installation guides, and operational procedures, to support the deployment and maintenance of security solutions. Provide training and knowledge transfer to relevant teams to ensure proper use and administration of security tools.
• Stays abreast of the latest security trends, threats, and technologies through ongoing research and professional development. Proactively identify areas for improvement in security posture and recommend enhancements to security policies, procedures, and technologies.
• Leads escalated Incident Response activities as a Subject Matter Expert through the Incident Response life-cycle.
• Support the ongoing administration, design and use of the Security Tools.
• Continuously learn and stay updated on the latest security trends, technologies, and threats, and adapt to evolving security challenges.
• Advise management on best practices, current trends, and pertinent changes in internal/external threats and opportunities for improvement. This includes presenting action plans for mitigations and implementations.
• Performs enterprise scale control assessments based on Tactics, Techniques and Procedures (TTPs) and threat reports from information sharing organizations (US-CERT, FS-ISAC, etc.) Recommend and apply adaptive security measures based on investigative findings and threat monitoring.
• Leads collaborations with cross-functional teams, including IT, engineering, and business units, to achieve common security objectives and drive security initiatives forward.
• Partners with Development and Development Operations (DevOps) to integrate security controls.
• Provides guidance and support for peers and junior staff.
• Performs all other duties and special projects as assigned.