Cyber Security Engineer

Summary

The job is for a Cyber Security Engineer based virtually in PA. The role involves managing day-to-day operations, coordinating with third-party vendors, conducting vulnerability scans and penetration tests, ensuring compliance of controls, creating policies and procedures, and compiling metrics for key processes.

Requirements

• Regular, consistent and punctual attendance. Must be able to work nights and weekends, variable schedule(s) as necessary
• Ability to travel up to approximately 15% (Domestic USA)
• Education Level: Bachelor’s Degree or Equivalent in technology or security field
• Field of Study: Information Sciences, Technology
• Certifications: PCI ISA, CISSP, CRISC or CISM
• Years of Experience: Generally requires 7-10 years of information security experience
• Skills: Working knowledge of PCI DSS. Familiarity with other security/industry standards (e.g. NIST, CVSSv3, OWASP etc.). Hands-on experience with the remediation of security vulnerabilities. Excellent written and verbal communication skills

Responsibilities

• Manage day to day operations and service level agreements from the 3rd party security vendor to meet customer obligations
• Coordinate the deployment of agents within client environment and work with client and 3rd party security vendor to configure the agent for monitoring of sensitive files and folders, and ensure centralized reporting
• Ensure continuous compliance of controls (e.g. agents continue to report-in, device log health, etc.)
• Review daily log file reports from 3rd party security vendor and highlight potential errors or anomalies. Investigate and escalate issues to relevant information security, technology, operations team within Client’s for Client’s managed devices, or escalate to client for devices outside of Client’s managed services scope
• Review or conduct monthly internal and external vulnerability scans. Escalate to relevant information security, technology, operations team within Client’s for Client’s managed devices, or escalate to client for devices outside of Client’s managed services scope
• Coordinate annual internal and external penetration tests with client and 3rd party security vendor. Escalate to relevant information security, technology, operations team within Client’s for Client’s managed devices, or escalate to client for devices outside of Client’s managed services scope
• Coordinate annual Self Assessment Questionnaire (SAQ) PCI-DSS requirement with clients and 3rd party security vendor. Provide on-demand SAQ portal support to clients in coordination with 3rd party security vendor. Report status, findings and trends to internal and external leadership
• Coordinate system accessibility for Client’s and Client, and ensure access is appropriate and managed
• Create or contribute to the development of policies and procedures related to assigned information security processes. Develop, publish, and communicate operating procedures and guidelines along, with any relevant policies and standard to support the assigned information security processes
• Compile metrics for key processes to allow for accurate status reporting and trending to assist in review of current processes, and identify areas for performance/continuous improvement