Duties & Responsibilities:
1. Systems Requirements Planning
- Develop and document secure system designs using principles such as Zero Trust and micro-segmentation to reduce cyber risk.
- Provide subject matter expertise to the Information Security Risk Management Team in assessing risks for new technologies or use cases.
2. Systems Security Architecture
- Serve as a security representative on technology project teams throughout the project lifecycle.
- Ensure that security controls are designed, implemented, and documented effectively.
- Advise on the criticality and remediation of known software and firmware vulnerabilities.
- Create and document solutions using a risk-based approach that balances business requirements, compliance needs, and cybersecurity risks based on the NIST Cybersecurity Framework.
- Actively participate as a member of the Cyber Incident Response Team (CIRT).
- Design, document, build, implement, and support enterprise-class security tools and systems.
- Perform or oversee security assessments on critical infrastructure and applications.
- Explain complex technical topics to non-technical audiences effectively.
3. General Duties
- Continuously provide recommendations to enhance the security of user accounts, employee information, and constituent data.
- Communicate cybersecurity threats and strategies to mitigate risks effectively.
- Ensure compliance with enterprise security policies and standards.
- Participate in process improvement activities by providing documented security guidance and recommendations.
- Assist in creating and maintaining documented processes that apply security requirements from enterprise policies to Security Team operations.
- Respond professionally to inquiries from customers, vendors, and co-workers.
- Provide on-call support as required.
- Be available to drive a company or personal vehicle to assist during emergencies or events when needed.
Qualifications:
- Bachelor's degree or equivalent experience in computer, network, data, or cloud technologies.
- Comprehensive knowledge of all layers of the OSI model.
- Familiarity with security architecture frameworks.
- Current knowledge of the cyber threat landscape, vulnerability management, security monitoring, and security operations analytics.
- Proficiency in cybersecurity frameworks (e.g., NIST CSF, CIS 18).
- Proven ability to conduct risk assessments of applications, databases, and infrastructure.
- Strong verbal and written communication skills.
- Experience in creating and maintaining security-related documentation.
- Ability to work both independently and collaboratively in a team setting.
Preferred Qualifications:
- Relevant certifications such as CISSP, CISSP-ISSAP, CISSP-ISSEP, CEH, Security+ (or equivalent).