Job Description
In the role of Senior Cyber Defense Engineer, your primary responsibility will be to uphold our defensive security stance while spearheading the development of innovative cybersecurity solutions. Your duties will encompass advanced threat detection, ensuring adherence to compliance standards, and the operationalization of cyber defense tooling. You will be tasked with thorough product testing, upkeep of security features, and the deployment of solutions designed to protect our digital assets.
You will collaborate extensively with the broader Information Security team and business units, taking the lead in configuring and operating sophisticated cyber defense systems in alignment with our strategic roadmap. This role is pivotal in maintaining the integrity of our digital environment and advancing our cybersecurity initiatives.
Responsibilities
- Report to the Director of Cyber Defense Operations (CyberOps)
- Work closely with the Director of CyberOps to align security initiatives with business objectives and report on the progress and effectiveness of these initiatives.
- Defensive Security Technologies Management: Design, manage, and maintain defensive security technologies such as firewalls, intrusion detection systems, and data encryption protocols to protect Accumulus’ digital assets.
- Continuous Asset Security Monitoring (CASM): Configure and maintain CASM for the detection of, and alerting on, cyber incidents and misconfigurations. Set up automated alerts for suspicious activity, such as multiple failed login attempts or unusual data access patterns.
- Design and implement automation for custom detection rules, monitoring and alerting, and other repeatable SOC tasks using SOAR tools.
- Threat and Vulnerability Management (TVM): Regularly perform proactive security scanning and assessments, including DAST/SAST, and recommend priorities and appropriate mitigation strategies for all identified vulnerabilities. Conduct regular penetration tests to identify potential vulnerabilities in our systems and applications, and then work with other teams to prioritize and address these vulnerabilities.
- Security Assessments and Simulations: Lead regular security assessments, threat hunts, and red/blue team exercises to proactively identify and mitigate vulnerabilities.
- Cloud Platform Security: Collaborate with other IT teams to ensure that appropriate security controls are implemented to monitor for misconfigurations and security incidents in our cloud platforms (AWS, Azure, GCP).
- CyberOps Security Documentation: Develop and maintain CyberOps security documentation and procedures to ensure compliance with industry standards, best practices, control frameworks, and regulatory requirements (NIST, ISO 27001).
- Penetration Testing and Remediation: Collaborate with the wider Information Security team and other key stakeholders in support of penetration testing and remediation of any findings.
- Incident Response: Support and participate in our CyberOps/SOC on-call rotations for Incident Response and escalations.
- External Technology Partner Collaboration: Work with our chosen external technology partners, providing support for our hybrid SOC (SOC-as-a-Service/XDR).
- Digital Forensics and Investigations: Assist and support digital forensics and investigations, maintaining documentation, processes, and procedures.
- Risk Management: Identify and report potential areas of vulnerability and risk, following our risk management processes. Conduct risk assessments, report the findings to senior management, and recommend how to mitigate the identified risks.
Qualifications
- Bachelor’s degree in Computer Science, Information Security, or a related technical discipline, or equivalent hands-on experience
- Minimum of 5 years of experience in IT security or IT system administration, with an emphasis on security engineering
- Comprehensive understanding of security principles, tools, and technologies, including but not limited to firewalls, IDS/IPS, vulnerability management, WAF, IAM, RBAC, Zscaler, CrowdStrike, Delinea, JAMF, and Intune
- Proficiency in conducting threat and vulnerability assessments, along with the development and implementation of mitigation strategies
- Exceptional problem-solving abilities and the capacity to work autonomously
- Robust analytical skills and meticulous attention to detail
- Preferred:
  - Experience with cloud platforms and services such as AWS, Azure, and GCP is highly advantageous
  - Effective communication and teamwork skills, with the capability to collaborate across various departments and convey technical information to non-technical stakeholders
  - Possession of certifications such as Security+, SSCP, CEH, or similar is beneficial
  - Ability to manage multiple tasks and projects concurrently in a dynamic environment
  - Strong commitment to continuous learning and improvement within the cybersecurity field