Senior Cyber Security Engineer

Job Title: Senior Cyber Security Engineer

Department: Information Security

Summary:

This position is part of the Data Recognition Corporation (DRC) Information Security Team that has an important role in the defining and enabling the secure operation of the DRC environment. The Senior Information Security Engineer will be responsible to design, architect, implement, and maintain the suite of security tooling that allows for detection and analysis of security events. The successful candidate will have had experience in building and maintaining security tools in an application development-centric environment, with experience in both cloud and on-premise security management.

This position also assists with other aspects of the security practice, including application and cloud security, vulnerability management, identity and access management, security detection and incident response.

This position can be fully remote, located on site in the Maple Grove headquarters building or hybrid.

Responsibilities:

This position will lead a wide range of senior security functions, with the focus being on enhancing and maintaining the tools and processes around event logging and vulnerability management. Responsibilities include:

Enhance and maintain SIEM solution, providing engineering support to capture relevant security log data from multiple sources, both on-premise and in the cloud

Develop appropriate correlation queries to incorporate common threats, indicators of compromise (IOC’s) and other relevant threat-feed data

Implement and manage application security tooling including SAST, DAST, and SCA scanning components

Develop incident response and remediation runbooks for common alert triggers

Manage and enhance detection and response activities

Perform dynamic and static application scanning and work with development teams to prioritize and remediate vulnerabilities

Develop and enhance Data Loss Prevention (DLP) capabilities across the environment

Lead vulnerability management efforts to identify, prioritize, and work with owners to remediate

Implement and monitor cloud security risk mitigation strategies

Support Identity and Access Management initiatives and provide security oversight on the IAM program

Research new technologies, vulnerabilities and attack vectors to proactively drive security improvement across the organization.

Essential Qualifications

5+ years of experience in a security analyst or engineer role in an enterprise environment.

Experience managing a Security Information and Event Management (SIEM) solution, including defining inputs, log aggregation, and alarm triggers.

Experience in, or deep understanding of application security in a development-centric environment.

Thorough understanding of security and network concepts (firewalls, WAF, IDS/IPS, DLP, IAM, wireless, endpoint security, DDoS, DLP, forensics, etc.)

Understanding of relevant security control frameworks, specifically NIST 800-53

Possesses a high level of personal integrity and the ability to discreetly handle sensitive, personal, and classified case information.

A broad understanding of securing both on-premise and cloud environments, including the technologies and processes required to secure and monitor.

Ability to grasp and assess “big picture” issues and bring them to light to foster positive change for a more robust data ingestion platform and process

Preferred Qualifications

College degree or equivalent work experience.

Security certification such as Certified Information Systems Security Professional (CISSP)

Experience assessing and implementing security incident detection systems

Experience supporting and participating in third party vendor security assessments and audits, reviewing audit findings as well as responses to security findings and remediation plans

Strong interpersonal skills and collaborative style to enable success across multiple partners

Cloud security experience, specifically AWS

Reporting to this position: No direct reports

The Employer retains the right to change or assign other duties to this position

Company cannot provide sponsorship for this position

Please, no agencies

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.