Principal Security Engineer
Principal Security Engineer
Job Number: 19-04381
Job Number: 19-04381
Work where innovation drives business! Eclaro is looking for a Principal Security Engineer for our client in New York, NY.
Eclaro’s client is a globally recognized publisher and distributor of educational materials that is transforming itself with cutting edge technologies. If you’re up to the challenge, then take a chance at this rewarding opportunity!
The Principal Security Engineer position will work as a part of the client’s Security organization. They will report to the Director of Infrastructure, Security and Compliance but will work closely with the CISO, and the Director of Technology Operations to proactively identify and resolve security risk and issues. Assesses information risk and facilitates remediation of identified vulnerabilities with the client’s network, systems and applications. Reports on findings and recommendations for corrective action. Performs vulnerability assessments as assigned utilizing IT security tools and methodologies. Performs assessments of the IT security/risk posture within the IT network, systems and software applications, in addition to assessments within the Vendor Management Program. Identifies opportunities to reduce risk and documents remediation options regarding acceptance or mitigation of risk scenarios. Facilitates and monitors performance of risk remediation tasks, changes related to risk mitigation & reports on findings. Maintains oversight of IT and vendors regarding the security maintenance of their systems and applications. Provides weekly project status reports, including outstanding issues. The Principal Security Engineer assists in all IT audits, IT risk assessments and regulatory compliance.
- Assure alignment with CIS benchmarks controls are applied and configurations are maintained throughout the enterprise as part of the continuous monitoring
- Lead and assist in security risk assessments for systems and applications Address questions from internal and external audits and examinations.
- Develop policies, procedures and standards that meet existing and newly developed policy and regulatory requirements including SOX, PCI, and/or FFIEC guidance.
- Facilitate IT security/risk training curriculum
- Serve as project lead within IT security projects
- Assesses information risk and facilitates remediation of identified vulnerabilities
- Performs vulnerability assessments as assigned utilizing IT security tools and methodologies
- Performs assessments of the IT security/risk posture within the IT network, systems and software applications
- Identifies opportunities to reduce risk and documents remediation options regarding acceptance or mitigation of risk scenarios
- Design security solutions to address security vulnerabilities and weaknesses
- Continuously update the monitoring environment and tools in order to provide the correct level of insight into the environment
- Work with other members of the Client’s Technical team to implement security changes
- Act as a security subject matter expert on a variety of other security questions
- Work with the Security Architect, CISO, and Compliance team to assist in other security efforts
- Bachelor's degree in information systems, engineering or equivalent work experience
- 3-5 years of experience in security roles with increasing responsibility
- 2-3 years of experience in a Security Operations Center, or Continuous Monitoring role
- Experience with a variety of Continuous Monitoring, and vulnerability scanning tools
- 5-8 years or experience in an enterprise technology environment, ideally with experience across a variety of roles– operations, networking, systems and infrastructure architecture, or other as applicable
- Strong “Hands On” infrastructure security skills including IDS/IPS, firewall, SIEM, server and OS hardening, malware detection, physical security, transport and at-rest encryption on file systems, DB, and other data persistence mechanisms
- Experience determining and implementing which security controls should be used to meet a variety of security best practices
- Excellent written and verbal communication skills — including the ability to effectively communicate security- and risk-related concepts to technical and nontechnical audiences — and strong interpersonal and collaborative skills
- Ability to operate with minimal supervision; a self-starter that can identify and fix problems without being told to fix an issue
- With certifications: ISC2, SANS, ISACA, or other recognized security professional credentialing organization
- Experience implementing SOX, PCI, ISO, NIST 800-53, NIST CSF, CIS / SAN Critical Controls
If interested, you may contact:
Bridgette Marks | LinkedIn
Equal Opportunity Employer: Eclaro values diversity and does not discriminate based on Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status.