Sr Cybersecurity Engineer

Job Description: As a Sr Cyber Security Engineer, you will be responsible for safeguarding an organization's computer networks and systems. You will utilize your expertise in cybersecurity principles, practices, and tools to protect sensitive data, prevent unauthorized access, mitigate potential security threats, and monitoring. Your role will involve designing, implementing, and maintaining security measures to ensure the confidentiality, integrity, and availability of information assets.

• Identify vulnerabilities and weaknesses that could be exploited by attackers.
• Help develop and implement security policies, protocols, and procedures.
• Conduct regular security assessments, vulnerability scans, and penetration testing.
• Prepare and present reports on security status and incidents to management.
• Stay current with the latest security trends, threats, and technology solutions.
• Understand, review, and interpret vulnerability assessment and scanning results, reduce false positive findings, and act as security advisor to business unit partners.
• Create detailed risk assessment reports which explain identified technical and logical security findings, describe potential business risks, and present prioritized recommendations.
• Develop and maintain documentation for security processes and compliance requirements.
• Contribute to the ongoing enhancement of the company's security assessment capabilities through the development and implementation of improved methodology, processes, infrastructure, tools, and deliverables.
• Maintain knowledge of current emerging technologies and advancements within Cybersecurity.
• Provide expertise and solutions as a subject matter expert.
• Monitor and enforce guidelines for best practices in security and compliance.
• Orchestrate daily compliance requirements and tasks as required.
• Review and respond to escalated security events.
• Proactively hunt for vulnerabilities and threats within the environment.
• Maintain knowledge of adversary tactics, techniques, and procedures (TTP).
• Provide timely and relevant updates to appropriate stakeholders and decision makers.
• Monitor and analyze security systems to detect and respond to security incidents.
• Investigate security breaches and other security-related incidents.

• Experience:
  • Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field.
  • 2-3+ years of hands-on experience with the design, implementation, and operation of enterprise vulnerability management.
  • 2-3+ years experience supporting diverse IT systems, processes, or capabilities in large organizations.
  • 2-3+ years of solid understanding of industry best practices for hands on, security vulnerability remediation.
  • 2-3+ years of experience in incident response and/or computer forensics, with extensive experience within an enterprise-scale organization, including hands-on experience of complex data centre environments (preferably in finance or similarly regulated sectors).
  • 2-3+ years with SolarWinds (or other similar tools) in an enterprise environment.
  • Extensive experience with core vulnerability management scanners (e.g., Qualys, Tenable).
  • Strong knowledge of OWASP Top 10 and the ability to articulate application security risks and determine threat level.
  • Technical understanding of a range of enterprise on-premise IT and cloud-based architectures and technologies such as networking, server infrastructure, operating systems, web applications and databases.
• Skills and attitudes:
  • Understanding of mapping and scanning applications and systems, including port scanning, identifying services and configurations, spidering, application flow charting, and session analysis.
  • Technical understanding of current cybersecurity threats and trends.
  • Knowledge and experience with Windows and Linux operating systems.
  • Ability to correlate data from multiple sources to create a more accurate picture of cyber threats and vulnerabilities.
  • Ability to research, analyze data, and derive facts.
  • Familiarity with automated tools used to discover system and web application vulnerabilities such as Nessus, Nmap, Qualys, R7, etc.
  • Knowledge of vulnerability and risk assessment methodologies such as CVSS or OWASP Risk Rating Methodology.
  • Strong technical skills in Information Security, Incident Response, Network Security, Windows Security, UNIX/Linux Security, or Web Application Security.
  • Able to multitask, prioritize, and resolve multiple inquiries at once.
  • Excellent communication (oral and written), interpersonal, organizational, and presentation skills.
  • Strong work ethic, self-motivation, and ability to work independently, be creative, results-oriented, and adaptable.
  • Bonus Points:
    • Preferred certifications: Net+, Security+, OSCP, CEH, CISSP, GIAC (GSEC, GEVA, GPEN, etc.)