Purpose of Position
The Cybersecurity Engineer, Senior will be part of the NetJets Cybersecurity Services team and provides leadership in the areas of: Vulnerability Management; Endpoint Detection & Response; Email Security; Data Analysis of security monitoring outputs; coordination of Remediation Patching; Analysis of threat landscape; Advise wide ranging teams on cyber risk and mitigation measures; and other daily Security and Compliance efforts.
The Cybersecurity Engineer, Senior will work in close collaboration with Security Incident Responders, Cyber Threat Intelligence Analysts/Operations and Cybersecurity Architects to improve the overall security posture of the firm. Tests, monitors and maintains information systems (IS) and cyber security policies, procedures, and systems, including access management for hardware, firmware and software. Ensures that IS and cyber security controls, policies and procedures are upheld and maintained. Identifies and helps mitigate security risks and exposures by leading investigations to determine the causes of security violations and suggests procedures to halt future incidents and improve security.
Tasks And Responsibilities
- Assists the team in proactively identifying security deficiencies or opportunities for improvement to enable secure global business by continuous evaluation and hardening of existing Cybersecurity Infrastructure platforms and solutions to prevent cybersecurity exploits.
- Performs duties necessary to assist in establishing practices and system configurations to ensure the safety of information systems assets and to protect information systems from intentional or inadvertent access or destruction.
- Collaborates with business stakeholders to provide security solutions that support their requirements.
- Develops tactical and strategically prioritized remediations to address security gaps ensuring management is apprised of the risk in a timely manner.
- Mentors and develops team members.
- Must stay up to date on the latest security trends, vulnerabilities, privacy legislation, and news items and communicate new finding with other team members.
- Assist in documenting policies, procedures and standards based upon guidance from Corporate Security Management.
- Assist in recommending changes in security policies and practices in accordance with changes in law.
- Assist in research of mechanisms and tools for control compliance.
- Assist in periodic audits of business entities to ensure continued compliance.
- Provide Incident Response support for the enterprise and business units as needed.
- Assist in providing consultative security expertise to business units and Corporate IT teams in support of projects as needed.
- Provide continuous monitoring and research of real time alerts.
- Assist in tracking and reporting of policy violations.
Education
Bachelor's in Information Technology or Computer Science
Certifications and Licenses
Years Of Experience
6-8 years of experience
Core Competencies
Service-Oriented
Curiosity
Collaboration
Adaptability
Strives For Positive Results
Knowledge, Skills, Abilities And Other (KSAOs)
- Certifications preferred: CISA; CISSP; CEH; GSEC; Security+
- Outstanding organizational, interpersonal and communication (written and verbal) skills.
- 4-6+ year experience with various standards (PCI/DSS, SOX, FedRAMP HIPAA etc.)
- 4-6+ years’ experience in an Information Technology security role.
- Gaining understanding of network and security technologies (NextGen firewalls, vulnerability management, endpoint security, DLP, etc.)
- Ability to manage changing workloads while maintaining a sense of priorities and delivering quality service within required timeframes.
- Ability to learn new technologies and applications and apply that knowledge to daily workflows.
- Attention to detail, organized and able to work and research independently.
- Team oriented, works well with Senior level team members and managers.
- Demonstrated adaptability, analytical and problem-solving ability, and attention to detail.
- Solid understanding of web application security/OWASP Top10