Senior Information/Network Security Engineer

  • Finalize the current state assessment of the integration of cybersecurity into the IT systems development lifecycle
  • Develop recommendations to better integrate security into the IT systems development lifecycle
  • Author policies, standards, and processes to facilitate effective and efficient integration of security into the IT systems development lifecycle
  • Initiate and execute the security relevant processes to integrate cybersecurity into the IT systems development lifecycle to include but not limited to:
    • Cyber risk assessments for IT projects
    • Develop and review cybersecurity requirements for IT projects
    • Review IT architectures for relevant cybersecurity risks
    • Review of available and applicable controls to mitigate cybersecurity risks to IT projects
    • Develop test plans for cybersecurity relevant controls inherited by or unique to IT projects
Required Qualifications:  
  • Good written and verbal English communication skills along with the ability to frame and communicate complicated technical cybersecurity topics to IT and business partners
  • A strong understanding of current adversary attack methodologies and applicable cybersecurity controls along with the ability to justify the applicability of specific controls against specific adversary tactics, techniques, and procedures
  • Experience in developing or refining either systems or software development lifecycle processes in accordance with any established methodology (preferably more than 1)
  • Demonstrated experience in developing or applying IT risk management processes
  • Demonstrated experience in assessing IT projects for cybersecurity risks at a highly detailed level, including but not limited to the evaluation of the majority of the following aspects of IT projects: networking, authentication & authorization (especially Microsoft Active Directory and/or Sailpoint technologies), Windows security, Linux security, and auditing & logging
  • Demonstrated experience as either a computer engineer, software developer, IT operating systems admin/engineer (Windows/Linux/Unix), or network admin/engineer
  • Prior experience having written either scripts or application code for use in a production environment, in any language