Cybersecurity Engineer II

OverviewUnder general direction, the Cybersecurity Engineer II provides engineering support and capability to consult/troubleshoot security related matters for enterprise products, information systems and network architectures. This role promotes compliance with security policies and procedures, recommends secure best practices during architecture, designs and implements phases of the product lifecycle. This position protects against the unauthorized access, modification, or destruction of systems or data. This role demonstrates the importance of building security requirements and practices into the systems engineering process and the software development lifecycle. A wide degree of security-relevant creativity and latitude is expected. Communicates with manager regarding status of projects and initiatives.ResponsibilitiesProvides daily, ongoing security oversight of assigned complex systems, including the security impact of proposed modifications, additions, and technology refresh evolutionsWorks within a team to develop customized technical solutions to unique problems while adhering to security policies, procedures, standards and best practices Develops creative technical and procedural solutions to effectively secure information systems without introducing significant operational overheadAids in the development of architectural designs, and reviews new product implementationsAssists with troubleshooting and performs research to identify the cause of issues and identify potential solutionsProvides mitigation recommendations to reduce identified security risksEstablishes and enforces security best practices, protection objectives, process improvements and effective security controls with associates and customers Assists in security incident response and documentationAssesses the overall security risks to the system by understanding system security vulnerabilities and associated threatsAnalyzes impact of software installations, configurations and infrastructure modifications to minimize system downtime when recommending security remediation’sAssists in mentoring junior team members on security operations processes and proceduresAdvises associates of the security features and procedures used in their products and systemsPerforms regularly scheduled security reviews (e.g., technology, operations and personnel)Participates in annual reviews of policies, procedures and security controls in support of security framework assessmentsQualificationsRequired Knowledge, Skills, and Abilities:Technically proficient knowledge of Identity and Access management principles, including single sign-on, least privilege, identity federation, access provisioningKnowledge of cybersecurity operation processes and essential security program functions that include event monitoring and security information and event management technologies, risk management, vulnerability scanning and management, access controls and authentication measuresAbility to connect threat analysis to risk management principles to formulate security priorities and provide business level risk decision supportAbility to gather, analyze and interpret business drivers and developing practical security solutions that provide value to security and support the businessAbility to work with customers to understand and respond to their information security needs and/or concerns, represent our security program and how the program protects the customers’ data, and discuss the roadmap designed to continuously improve our security postureAbility to present technical information to technical and nontechnical audiences using collaborative systems and presentation softwareAbility to quickly learn and understand complex environments, independently reaching stretch goals, and continually improving knowledge and capabilitiesExperience:8 years of experience in Information Security 5 years of experience implementing and enforcing Identity and Access Management5 years of experience with software and security architectures and has a clear understanding of security protocols and standards 3 years of experience in networking concepts and services5 years of experience with IT system, local and wide-area network administration, telecommunications, and/or security protection technologies including multi-factor authentication and single sign-on technologies5 years of experience conducting risk assessment work, IT auditing of compliance requirements, or framework gap analysis5 years of experience with multiple cloud provider security standards and cloud administration capabilitiesRequired Training, Certification and Education:Bachelor’s degree in computer science, information systems, engineering, business administration or a related field; experience can be substitutedWorking Conditions: Must be able to sit and use equipment at workstation for up to 8 hours dailyAbility to be on-call and available when work requiresHome office/Remote, based in FloridaBenefits OverviewAt NASCO, we trust ou