Cyber Security Engineering Lead
CISOSHARE is growing and searching for experienced cyber security engineering lead to support client projects in a growing and diverse client portfolio. CISOSHARE is the leader in Cyber Security Program Development, headquartered in Orange County, California. Our team has over fifteen years of experience in this niche cyber security field, which has become one of the most in-demand cyber security services requested across major global and emerging businesses.
WHO WE ARE LOOKING FOR:
CISOSHARE is growing and searching for an experienced security engineer to support client projects in a growing and diverse client portfolio. CISOSHARE is the leader in Cyber Security Program Development, headquartered in Orange County, California. Our team has over fifteen years of experience in this niche cyber security field, which has become one of the most in-demand cyber security services requested across major global and emerging businesses.
The successful candidate will be joining at an exciting time where CISOSHARE is shifting to a more hands-on technical approach with our clients. The successful candidate will report to the Chief Technology Officer and work directly with our Services teams to shape the cyber defenses of our clients. This role is responsible for implementing and configuring security controls across a range of technologies with our clients to ensure security safeguards are implemented and tuned for each of our clients. The Cybersecurity Engineer will work across internal teams and will collaborate closely with our clients to deliver solutions for the business, consistent with an enterprise information security architecture strategy.
The Cybersecurity Engineer will function as an engineering subject matter expert for specific cybersecurity technology tools. They will partner with clients and our services teams to deploy and sustain secure solutions by understanding the technical aspects of the business problems and applying sound security engineering knowledge and experience.
RESPONSIBILITIES AND DUTIES:
- Implement and configure security safeguards for enterprise & cloud environments at the system, network, end-point, and application layers
- Use strong interpersonal skills to articulate vulnerabilities to technical and non-technical audiences
- Support clients in designing, implementing, deploying, and maintaining systems with security best practices and controls
- Assist clients with security engineering support from implementation through maintenance
- Interact with technology teams to understand and define business, functional, technical, and security requirements
- Leverage technical understanding of vulnerabilities and exploits using knowledge of secure application development & cloud deployments to select and implement appropriate controls
- Communicate effectively with representatives of the clients’ business units, technology specialists, and vendors
- Support clients’ security teams to comply with risk, audit, regulatory, and legal requirements
- Determine technical solutions to address security weaknesses and work with relevant stakeholders to implement them
- Escalate and brief senior management on issues affecting technology delivery
- Collaborate with CISOSHARE and client security architecture resources to implement and maintain a mature suite of preventive and detective safeguards
- Contribute to project management plans, work breakdown structures, and status reporting for deliverable tracking to clients
- Travel up to 20%
- Perform other duties as assigned
QUALIFICATIONS AND SKILLS – EDUCATION, EXPERIENCE, AND TRAINING:
- Min 5+ years experience, 10 years desired in a cybersecurity role with technical consulting/delivery experience.
- Deep experience designing and securing environments in cloud services and on-prem architectures
- Excellent technical Subject Matter Expertise in an area such as operating systems, network devices and protocols, security technologies, cloud technologies, and/or secure data sharing workflows
- Desire and curiosity to learn new complex technologies and processes
- Strategic thinker able to make confident and informed decisions
- Ability to balance multiple demands in a fast-paced growing environment
- A dedicated and self-driven desire to think creatively and produce results
- Ability to coordinate, work with and gain the trust of business stakeholders, technical resources, and third-party vendors
- Excellent verbal and written communication skills
- Experience with best practice and compliance requirements and standards – NIST 800-53, ISO 27001/2, PCI-DSS, HIPAA, SOC2, GDPR
- Culturally aware and adaptive customer service approach
- Bachelor’s degree, preferably Information Systems Management, Computer Science, Criminal Justice or related fields or equivalent
- Experience implementing or operating vulnerability management tools
- Experience operating incident management tools and supporting the incident management process
- Familiarity with NIST, ISO, SOC controls
- Knowledgeable with Active Directory, system hardening, network architecture, DMZs, and application security techniques
- Don’t just build and maintain, perform analysis of everything associated with security in a technical architecture.
- Ability to present or interface with customers at engineering to executive level.
CERTIFICATES, LICENSES, REGISTRATIONS:
- Must have a valid state driver’s license with a good driving record.
- Any of the following is desired: CISSP, CCNA, MCSE, CCNP, CCIE, Security+, or Network+
TOOLS and TECHNICAL SKILLS:
- Advanced in chat applications, online meetings, and collaboration tool
- Firewall experience with Palo Alto, Checkpoint, Fortinet, Cisco ASA, Cisco Firepower
- Experience with implementing and maintaining web application firewalls
- Experience with implementing and maintaining end point protection; CrowdStrike, Cylance, McAfee, SentinelOne, etc.
- Experience with vulnerability management tools; Nexpose, Qualys, Nessus
- Experience implementing, tuning and operating SIEM technologies such as Splunk, ArcSight, LogRhythm, Q-Radar, Elk, etc.
- Experience defining, designing, and securing cloud architectures in AWS, Google Cloud, Azure
- Experience designing, implementing, and maintaining DLP and email security platforms; Mimecast, Proofpoint, etc.
- Experience with incident response and forensics technologies such as SIFT, EnCase, Stealth Watch, FTK, Splunk, etc.
- Exp with IDS/IPS tools such as Snort, Palo Alto, SourceFire
- Advanced in chat applications, online meetings, and collaboration tools
- Lots of growth opportunity
- Work in an emerging career field
- Experience a small company culture while supporting a global client portfolio