Description IT Security Engineer United States - Flexible Location Who We Are SiriusPoint is a global underwriter of insurance and reinsurance. We utilize deep risk capabilities to protect our customers and provide intelligent risk solutions to clients and brokers around the world. Bermuda-headquartered and listed on the New York Stock Exchange (SPNT), we work as 'One SiriusPoint', to apply expertise and underwrite risks across our four operational areas - International Insurance, North American Insurance, Global Accident and Health, and Global Reinsurance. We have underwriting hubs in Bermuda, Liege, London, New York, Stockholm and Toronto, and licenses to write Property & Casualty and Accident & Health insurance and reinsurance globally. Join Our Team You will be our IT Security Engineer and will report to the Chief Information Security Officer. The IT Security Engineer is accountable for contributing to and strengthening, the corporate Information Security program. The IT Security Engineer is responsible for the day-to-day operations of the in-place security solutions and the identification, investigation, and response to security events detected by those systems. IT Security Manager also participates in the vulnerability management program. The IT Security Engineer presents a working knowledge and understanding of business security practices and procedures, including but not limited to, knowledge of currently available security tools, various communication protocols, incident response processes, vulnerability and patch management best practices, privileged access management, encryption techniques/tools, and 3rd party security risk assessments. This role occasionally makes presentations, provides training, communicates with leadership and non-technical audiences about security topics, and collaborates with technical engineers on security solutions implementation. The IT Security Engineer is expected to be fully aware of the enterprise's security goals as established by its stated policies, procedures, and guidelines and to actively work towards upholding those goals by collaborating with various IT and Non-IT functional groups to ensure effective service delivery of system security programs for internal clients. Your responsibilities will include:
- Interfaces with SIEM providers and receives and interprets SIEM reports.
- Administers EDR Tools and proactively remediates threats
- Analyses security events to determine their root cause and advises on resolution.
- Analyses security vulnerabilities and assists in vulnerability management programs.
- Administers vulnerability management scanners and prepares applicable reports.
- Advises on Windows and non-Windows systems patching as required by vulnerability management program.
- Researches, and monitors for published current cybersecurity threats, vulnerabilities, and security advisories.
- Administers PAM (Privileged Access Management) tool to manage privileged access accounts.
- Administers DLP tools and advises on corporate DLP programs.
- Performs 3rd party risk assessments on our vendors and partners.
- Executes, and maintains incident response procedures.
- Maintains, supports, and coordinates corporate User Security Awareness Training programs
- Coordinates with internal and external auditors to assure HIPAA, SOX, NYDFS, and other regulatory compliance and proactively identifies audit and compliance-related issues to reduce the risk of security exposures and non-compliance.
- Plans and implements security improvements and solutions to assure the US and European regulatory compliance (DORA, HIPPA, NYCRR, GDPR, Cyber Essential, BMA).
- Prepares necessary audit documentation and timely files reports and appropriate evidence required.
- Creates and modifies Information Security related manuals, IT documentation, and infrastructure designs.
- Advises on security best practices for corporate solutions, application suites, and products.
- Researches current trends and technologies for future product ideas.
United behind common goals At SiriusPoint we work as one team across our global business, and we unite that team behind common goals, understanding the positive impact we can all make at SiriusPoint. We aim to retain and attract great people, knowing they can achieve a rewarding and enriching career. Our Purpose is to provide security and resilience in an uncertain world. Our Vision is to be recognized as a best-in-class insurer and reinsurer utilizing deep risk capabilities to protect our customers. Blending our talent, expertise and data to provide intelligent risk solutions. Our culture is one of performance and accountability. Our people are our experts and you will be empowered to apply your expertise in a supportive, collaborative and purposeful environment. Our Values are at the heart of our business, and which guide every day actions and decision making.
- Integrity: Integrity, respect and trust are our core principles
- Customer Focused: Our customers are the reason we exist
- Solution Driven: Creating solutions is our mindset
- Diversity: Diversity, inclusion and allyship make us stronger
- Collaboration: Collaboration drives outperformance
Your skills and abilities should include:
- Strong IT skills and deep understanding of cyber security, and hacker methodology.
- Experience in malware/software analysis, vulnerabilities, and incident response.
- Experience with cybersecurity tools such as CrowdStrike, Darktrace, Rapid7, antivirus, and antimalware suites.
- Strong audit and compliance assessment skills, ability to effectively define gaps, evidence, and remediation requirements while achieving targeted delivery results. General knowledge of HIPAA applicable security/privacy controls, Sarbanes-Oxley, NIST cybersecurity framework.
- Strong organizational skills, ability to effectively manage multiple, competing projects/priorities while achieving targeted completion results.
- Effective written, and verbal communication skills. Ability to tailor communication style to the audience at hand.
- Ability to stay up to date with the current cybersecurity regulatory landscape to account for changing circumstances when evaluating security compliance, and maintain technical proficiency via self or formal training.
- Ability to operate independently and as a part of the team to ensure our software, hardware, and related components are protected from cyber-attacks.
SALARY: The estimated salary range for this position is $100 tp $120,000 per year . This is a good-faith assessment of the salary range for this position only. In determining the actual salary within this range, SiriusPoint will consider a candidate's relevant experience, location, and other job-related factors. Be Yourself Why Should You Join SiriusPoint? Our people are our experts, and from day one you will be empowered to apply your expertise in a supportive, collaborative, and purposeful environment. Our Values - Integrity, Customer Focused, Solution Driven, Diversity, and Collaboration - are at the heart of our business, and they guide our everyday actions and decision making. We also unite our global team behind common goals, ensuring you can make a meaningful impact. We aim to retain and attract great people, knowing they can achieve a rewarding and enriching career. We offer a competitive and above market compensation package. The following are some of the benefits and perks we offer our employees:
- Medical
- Dental
- Vision
- FSA Medical and Dependent care
- Health Savings Account (HSA)
- EAP
- Basic Life and AD&D (company paid)
- Basic Long-Term Disability (employer) paid-Taxable income
- Employee paid Long Term Disability(voluntary)
- Company Medical Leave, Parental leave- 8 weeks full pay after 6 months of service
- Voluntary benefits: short term disability, Critical illness, Hospital Indemnity, Accident
- Travel assistance programs Company paid
- 401(k) 6 % safe harbor match, fully vested after two years, pre- and post-tax contributions allowed
- Gym reimbursement
- Legal plan
- Pet Insurance
- Tuition reimbursement
- Generous PTO
- Flexible work arrangement
- Fully stacked pantry on-site
- Team outings
- ERG Groups
We Achieve More Together At SiriusPoint, we know that diversity, inclusion and allyship make us stronger. We value and are committed to supporting the unique voices, backgrounds, cultures, lifestyles, and contributions of the diverse global employee base that make up our business. We know that a diverse and equitable culture, where all voices are included and heard, is critical to our success as an employer. We are committed to developing our DE&I strategy to ensure that SiriusPoint remains a supportive and empowering place of work.