Principal Engineer Security Services

360training

En el sitio

Heredia, Costa Rica

360training:

360training.com is a rapidly growing leader in online training and live training across a wide range of industries and professions. 360training.com provides customers with the regulated training they need to get and keep jobs they want. Over the years, we have continued to grow our expansive library of regulatory-approved training courses with new content suited for today’s modern workforce. By offering these courses online, all 360training.com users experience the convenience and flexibility of earning their certifications in their own time, from anywhere in the world.

At 360training.com, we promote a culture of excellence centered around our two core values: Deliver Results and Do the Right Thing. That focus fosters the success of our employees, while maintaining a team-centric environment which inspires them to do their absolute best. One thing our associates get to experience is the ability to make an impact on day one of working here.

360training offers a compelling compensation package that ties to performance and impact. We offer statutory benefits, medical insurance, life insurance, paid time off, learning and growth opportunities, and a comprehensive employee engagement and wellness program.

Shift Timings: 08:00 AM - 05:00 PM - Central Time - Hybrid Model.

Principal Engineer Security Services

The Principal Engineer Security Services will play a crucial role in ensuring the ongoing security and protection of our company's information assets. They will be responsible for designing, developing, and overseeing the implementation of cybersecurity solutions to safeguard our systems, networks, and data. The Principal Engineer Security Services manages day-to-day security operations, participates in compliance and audit activities, and will establish and maintain effective security measures. This position requires a strong technical background, exceptional problem-solving skills, and a thorough understanding of security best practices.

Responsibilities:

Cybersecurity Strategy and Architecture:
- Architect, design, recommend, implement, and maintain security controls, countermeasures, and procedures in acquisition, development, business processes, and change management lifecycle of information systems; provide oversight to ensure compliance
- Develop and document security policies and processes based on common information security management frameworks (ISO 27001, SOC2)
- Lead the development of the organization's cybersecurity strategy and provide expertise in creating a secure architecture for IT systems and networks
- Collaborate with cross-functional teams to ensure cybersecurity measures align with business goals and regulatory requirements
Security Operations and Incident Response:
- Oversee security operations, including threat monitoring, detection, and incident response
- Develop and maintain an incident response plan, including procedures for handling security incidents, communication protocols, and post-incident analysis
- Monitor information systems for security incidents and vulnerabilities
- Administer and mature Data Loss Prevention and Information Protection policies and solutions
- Oversee the response to information system security incidents, including investigation of, countermeasures to, and recovery from computer-based attacks, unauthorized access, and policy breaches
- Work closely with the IT, DevOps, and development teams to identify, assess, and prioritize vulnerabilities across the organization's infrastructure, applications, and systems and ensure security requirements are incorporated into system designs and implementation
- Lead and coordinate incident response efforts to contain, investigate, and mitigate cybersecurity incidents effectively
Vulnerability Management:
- Develop and manage vulnerability assessment and penetration testing programs to identify and remediate security vulnerabilities in a timely manner
- Track and report on the status of vulnerability remediation efforts
- Consult with internal development teams to anticipate threats, advise on defensive coding strategies and remediate vulnerabilities in software
- Proactively anticipate and assess potential items of risk and opportunities of vulnerabilities in the network and systems
- Manage security information and event management (SIEM) systems, analyze logs, and detect potential security breaches
- Perform scans and report on patch compliance of technology systems and applications
Security Compliance and Auditing:
- Mature and maintain Information Security Management System (ISMS) and further develop security policies, standards and procedures in support of ISO 27001 certification
- Participate in internal and external security audits and risk assessments/reviews, including third-party software, service providers, customers, partner, and vendor audits
- Conduct regular internal security reviews and risk assessments, identify gaps, and recommend appropriate corrective actions
Security Awareness and Training:
- Promote a culture of security awareness across the organization through the development and implementation of regular training programs, awareness campaigns, and communication initiatives
- Provide technical information to systems engineering programs, team members and managers to ensure awareness and compliance with industry standard security best practices
- Provide guidance and training to employees on security best practices, policies, and procedures
Emerging Technologies and Threat Intelligence:
- Monitor industry trends, technologies, threat intelligence, and vulnerability disclosures to stay informed about new vulnerabilities and emerging threats; educate stakeholders and provide recommendations on integration into the organization’s security strategy
Security Documentation and Reporting:
- Prepare and maintain accurate and up-to-date security documentation, including policies, procedures, standards, controls, and guidelines
- Prepare regular reports for management on the state of cybersecurity, including risk assessments and key performance indicators (KPIs)
- Develop and deliver clear, concise, and actionable vulnerability reports and recommendations to various stakeholders, including executive leadership, IT, and development teams

Requirements:

Bachelor's degree in Computer Science, Information Security, or a related field
5+ years of experience in IT with a focus on IT security
Proven experience in information security engineering/administration roles, with a focus on security operations and incident response
Deep knowledge and experience with cloud security principles
Extensive experience in security operations, incident response, and vulnerability management
Certifications such as CISSP, CISM, CISA, or other relevant industry certifications are preferred
Strong knowledge of network security principles, encryption, authentication, secure coding practices, access controls, and security technologies (e.g., firewalls, IDS/IPS, SIEM)
Demonstrated experience in developing and implementing cybersecurity strategies and architectures
Knowledge of relevant cybersecurity regulations, standards, and frameworks (e.g., ISO, SOC, PCI-DSS)
Experience in IT system administration, network administration, and security operations
Excellent interpersonal and communication skills
Excellent problem-solving and analytical skills, with the ability to assess and respond to security threats effectively
Experience implementing and maintaining SIEM/Log Aggregator solutions
Working knowledge of vulnerability/compliance, patch management, anti-malware, APT, identity, and access control management toolsets
Strong knowledge of common vulnerability assessment tools (e.g., Nessus, Qualys, Rapid7) and methodologies
Experience with Microsoft and Linux-based environments
Knowledge of Azure security and networking configurations

Postularme

Comparte este trabajo

Twitter Facebook Linkedin Correo electrónico