Senior Cybersecurity Engineer

Hearst Technology, Inc, Information Security Office seeks a Senior Cyber Security Engineer for their Security Operations Team.

This role is responsible for strengthening Hearst's cybersecurity posture through analysis, research, and security control validation.

The scope of the position's responsibilities includes analyzing security controls across a large ecosystem and building solutions to continuously validate the effectiveness of those controls.

This role will help validate Hearst's security posture and reduce the company's overall attack surface.

The Cybersecurity team is multi-faceted and focuses on driving value. Our mission is to establish an integrated program that ensures the overall effectiveness of capabilities that impact information security across business units globally.

Key Responsibilities :

• Conduct comprehensive and continuous validations of security controls. Requires analysis of assessments of IT systems, applications, and infrastructure, vulnerabilities, and potential risks.
• Develop ways to continuously test the effectiveness of security controls to mitigate identified risks, aligning with industry best practices and regulatory requirements.
• Design, build, deploy, and manage an internal certification program to manage the maturity levels of Hearst owned businesses
• Stay up to date on emerging security threats and trends, proactively evaluating and recommending necessary tests and countermeasures against those threats and trends.
• Where necessary work with threat hunters and penetration testers to conduct vulnerability scans and penetration testing with the goal of identifying and remediating system weaknesses.
• Develop and maintain accurate and up-to-date security documentation, including policies, procedures, and risk assessments.
• Track and report on key security metrics to measure the effectiveness of security controls and identify areas for improvement.
• Collaborate with cross-functional teams as needed.
• Participate in the continuous improvement of the organization's information security program, evaluating new technologies and best practices.

Skills & Experience Required :

• This is a senior level position and requires comfort and experience with disparate technology stacks, manual security work, web application functionality, IT security, and vulnerability and threat management.
• Minimum 8 years of experience in either offensive testing (penetration testing, red teaming, etc.), security engineering, security architecture, security analysis, or a combination thereof.
• Demonstrated experience planning and executing security tests.
• Ability to analyze an architectural document and strategically probe accordingly.
• Experience working with various technologies and cloud platforms such as AWS, Azure, O365, GCP, containers, etc.
• Understanding of current cyber threat landscape, the different tactics commonly used by adversaries and how one would investigate, contain, and recover against their attacks.
• Understanding of database technologies.
• Understanding of encryption technologies.
• Strong understanding of information security principles, frameworks (e.g., NIST, CIS), and methodologies (e.g., risk assessments, penetration testing).
• Proficiency in security assessment tools and technologies (e.g., vulnerability scanners, pen testing tools, etc.).

Other Experience :

• Strong work ethic with attention to detail.
• Demonstrated analytical abilities.
• Attention to detail, verbal and written communication, initiative, and motivation to learn.
• Strong written / oral communication skills required along with desire and ability to communicate with business leaders through all levels of the organization.
• Self-motivated with excellent planning and organizational skills; and the ability to prioritize tasks to meet deadlines and effectively manage changing priorities.
• Ability to liaise confidently and professionally with a diverse range of people.
• Professional customer orientation with a strong commitment to providing a high standard of customer satisfaction.
• Ability to deliver client-ready documentation and participate in relevant client meetings.
• Working understanding of project management principles, processes, and documentation.
• Able to work across teams effectively and efficiently.

Preferred Education & Experience

• Preferred : Working knowledge of technologies such as Kali Linux (and included tools), Vulnerability Scanners (Tenable, Qualys, or any related), Application Security testers (Nikto, Invicti, or any related).
• Preferred : Professional certifications relevant to necessary security knowledge. Examples are CEH, CPT, GPEN.
• Preferred : Bachelor's degree in information technology, computer science, information systems, or equivalent. Years of relevant professional experience are acceptable in lieu of academic credentials.
30+ days ago