Date Posted: October 21, 2020
Are you excited by the dynamic and complex problems faced in the cybersecurity world?
Do you have a level of persistence that comes with a quiet confidence and tenacity to deal with the full force of employees from a CEO to a board-level executive to end users?
If you answered yes to the above, then you might be our ideal Cybersecurity Engineer.
As Compeat's Cybersecurity Engineer, your role will be to help drive our information systems and networks to be more secure and compliant with all the relevant security policies and processes. The Cybersecurity Engineer will have extensive Security Operations experience and the ability to build relationships with the Engineering organization, along with various departments to become a trusted partner for Cyber Security. You will also help design security testing strategies, conduct regular security reviews and identify risks.
What You’ll Do:
- Responsible for securing the infrastructure through working with the DevOps team to implement security best practices in the cloud and datacenter.
- Working with our Software Development teams to review security best practices for coding.
- Build automated security checks for code promotion.
- Security vulnerability scanning and remediation.
- Conduct internal and external pen tests.
- Set up and configure security tools for monitoring and alerting, vulnerability scanning and security log analysis.
- Monitor appropriate sources for new vulnerabilities, evaluate the risk such vulnerabilities pose to the organization’s information and systems, and advise management of appropriate measures to eliminate or reduce the organization’s risk or exposure to such vulnerabilities.
- Build metrics on security vulnerabilities and remediations.
- Monitor organizational initiatives to ensure they adhere to security best practices.
- Contribute to the continued development of internal security control awareness in the organization.
- Manage security incidents and communication with stakeholders.
- Participate in appropriate opportunities for continuing education, seminars, organizations, etc.
What You’ll Need:
- 5+ years of experience with information technology security operations including: security incident management, vulnerability management, securing firewalls and networks.
- Bachelor's degree in Computer Science, IT or other related field is preferred.
- Experienced in pen testing (internal and external).
- Deep understanding of cloud infrastructure and security.
- Industry certification preferred (e.g., CISA, CISM, CISSP, CRISC, GSNA, GLEG, etc.).
- Familiarity with privacy laws, data protection/security regulations, written contract language and frameworks, such as AICPA SOC1 Type 2/SOC2 Type 2, CCPA, GDPR, HIPAA, and PCI DSS.
- Excellent time management and related organizational skills, including appropriate sense of urgency, a proactive approach, and a suitable ability to anticipate and manage project lifecycle events, issues and obstacles.
- Negotiation skills needed to obtain internal commitments to remediate risks and vulnerabilities.
- Strong analytical skills to analyze risks, threats, evaluate control effectiveness and internal controls.
- Excellent interpersonal and organizational skills; ability to analyze situations, respond independently, prioritize to meet deadlines, work under pressure, and be a team player while maintaining a positive attitude.
- Excellent communication, listening and facilitation skills.
- A willingness to mentor and guide fellow team members kindly and constructively.
- A desire to share knowledge and teach others.
- Be a good steward of our clients' data and of our business.
What will help you stand out:
- Fast learner and self-starter
- Highly skilled communicator and attentive to detail
- Energized by interacting with people throughout the day, both in person and via online channels of communication
- Able to negotiate with teams to define implementation strategies that maximize compliance without impacting productivity
- Proficient at time management and prioritization of deadlines
- Some level of experience and understanding of regulatory compliance frameworks such as SOX or PCI-DSS.
- Experience with security frameworks such as SOC1 and SOC2, NIST CSF, CIS Cybersecurity Framework, NIST 800-53, and others.
Compeat Hiring Practices:
Compeat is an equal opportunity employer and evaluates applicants regardless of an individual’s age, race, color, gender, religion, national origin, sexual orientation, disability or veteran status. Our combined differences are what make us Compeat!
Compeat does not accept unsolicited agency resumes and won't pay fees to any third-party agency or firm that doesn't have a signed agreement with Compeat.