Cyber Risk Management Engineer

This position does not offer work visa sponsorship

The Cyber Risk Management Engineer will implement enterprise information security solutions, such as authentication and authorization, public key infrastructure, data loss prevention, and security event information analytics, to address the current and emerging security needs of the business. This role requires the solution of enterprise-scale information security problems. In addition to implementing solutions, the Cyber Risk management Engineer will contribute to the design and on-going improvement of security solutions.

Responsibilities:

• Creates and updates a view of IT assets, related attack surfaces, and threat actors to illustrate the flow of data and associated security threats. Track threat actor groups, Understand adversary tactics, techniques, and practices.
• Implements enterprise technologies and security products that will support security requirements for the enterprise and its customers, business partners, and vendors. Maintains processes and documentation templates, and leverage tooling to enable security service delivery.
• Serves as a security SME in application development, database design, network, and/or platform and operating system efforts, helping project teams comply with enterprise and IT security policies, industry regulations, and best practices. Engages with security specialists, technology engineers and other functional area specialists to ensure adequate enterprise security solutions are in place to sufficiently mitigate identified risks, and to meet business objectives and regulatory requirements.
• Analyzes threat exposure based on emerging security threats, vulnerabilities, and risks and contribute to the development of solution architecture.
• Assesses the effectiveness of cybersecurity capabilities, both internal to the organization and at third parties using a prescribed assessment methodology. Influences decision making by educating business stakeholders on the risk.
• Works with engineers, other functional area specialists and security specialists to ensure security solutions are correctly implemented for IT systems and platforms to mitigate identified risks sufficiently and support business objectives. Serves as a cybersecurity subject matter expert, assessing cybersecurity risks to specific solutions and identifying options and recommendations for mitigating those risks.
• Communicates and interacts effectively and professionally with co-workers, management, internal and external customers and partners. Communicates cybersecurity risks and solutions to various technical audiences and levels of management. Maintains communication with management regarding development within areas of assigned responsibilities and perform special projects as required or requested. Continuously tracks and reports the status of all operational and development efforts.
• Develops strong working relationships with and offer continuous assistance to other contributors in the information technology organization.
• Establishes and maintains relationships with suppliers in the information security industry.
• Educates, coaches, and mentors junior members of the team on technical, company policy & procedure, and other topics.

• 2+ years of professional experience with Bachelor's degree in Cyber Security, Computer Science, Information Systems or equivalent work experience in the IT field.
• A complete and working understanding of one or more information security and appropriate use enforcement technology solutions including advanced malware detection/prevention, mobile device virtualization/MDM, cloud security management, structured and unstructured database encryption, mobile application and remote API security, fine-grained application authorization and access control, security event visualization, big data user and entity behavior analytics, active adversary deception, and others.
• Knowledge of contemporary security theory and application (including vulnerabilities, exploitation techniques and attack vectors).
• Understanding of systems development lifecycle and projects work.
• Knowledge of laws, regulations, and standards relevant to the US Healthcare industry.
• Excellent written and verbal communication skills (including technical writing and procedure maintenance). Must be able to effectively communicate security concepts to a technical audience
• Able to understand moderately complex written and oral instructions
• Ability to clearly present security subjects and findings to technical peers
• Strong technical writing skills including documentation development, process mapping, and visualization
• Adaptive within domains of expertise.
• Ability to interact well with co-workers and outside contacts

• Certified Information Systems Security Professional (CISSP) is preferred
• GIAC is preferred

• Competitive base and incentive pay
• 401(k) with robust matching and non-matching contributions
• Rich medical & pharmacy benefits
• 100% employer-paid dental and vision benefits
• Holistic wellbeing program with deep financial incentives
• Generous paid time off plus 12 paid holidays and your birthday off
• Culture of growth and learning: career development; tuition reimbursement; recognition program
• Family support: adoption assistance, fertility treatment, child, elder & pet care assistance
• Social responsibility and volunteer opportunities
• Employee discount program