Cyber Security Engineer delivers security oversight across complex multi-cloud, multi-partner environments. This person is responsible for designing and supporting the administration and management of the IT/OT Security infrastructure and protecting its data and assets in accordance with established Information Security and policies, and industry best practices.
Responsibilities:
- Ensure delivery of an enterprise level cybersecurity program.
- Lead threat modeling and partner with technical delivery teams to integrate security requirements and practices into solutions.
- Drive security architecture reviews of platforms & applications in complex multi-tenant, multi-provider, and vendor-cloud environments.
- Help to deliver strategic roadmaps – Research and investigate new effective ways of delivering security as code, automation into the existing security architecture assessments and processes and other service delivery optimizations.
- Work with the IT teams to follow progress on strategic platform initiatives. Proactively manage oversight and promptly address any critical issues that may create risk.
- Experience designing and implementing security solutions for cloud-based systems, including IAM, network security, data protection, DevSecOps and compliance preferred.
- Experience in a role that has designed and implemented NIST 800-53, FISMA and FedRAMP Moderate/High controls is required.
- Strong understanding of cloud security best practices, controls, policies, encryption, authentication, authorization, and audit capabilities.
Qualifications:
- Bachelor's degree or equivalent experience in business, computer science, or management information systems
- 7 or more years of professional experience solving business problems with technology solutions at an energy facility or related industry
- Preferred industry recognized experience in security (e.g., CISSP, CCSK, CISA, CISM, CEH)
- Experience in IT security risk assessments and related frameworks (e.g., NIST 800 series, ISO 27000 series, IT General Controls)
- Knowledge of Identity and Access Management (IAM), Cryptography / Key Management, Access Controls and Security Protocols, secrets modernization, secrets management e.g., Multi-factor, SAML, OAuth, OIDC etc.
- Strong knowledge of the Azure/AWS Infrastructure services.
- Superior written and oral communication skills
- Strong analytical and system design skills
- Self-motivated and directed, with the ability to effectively prioritize and execute tasks in a high-pressure environment