Senior Cyber Security Engineer

DRC is one of the largest educational assessment and curriculum / instruction companies in the industry.

Data Recognition Corporation

Senior Cyber Security Engineer

Maple Grove, MN

Company cannot provide sponsorship for this role

Please, no agencies

Summary :

This position is part of the Data Recognition Corporation (DRC) Information Security Team that has an important role in the defining and enabling the secure operation of the DRC environment.

The Senior Information Security Engineer will be responsible to design, architect, implement, and maintain the suite of security tooling that allows for detection and analysis of security events.

The successful candidate will have had experience in building and maintaining security tools in an application development-centric environment, with experience in both cloud and on-premise security management.

This position also assists with other aspects of the security practice, including application and cloud security, vulnerability management, identity and access management, security detection and incident response.

Responsibilities :

This position will lead a wide range of senior security functions, with the focus being on enhancing and maintaining the tools and processes around event logging and vulnerability management.

Responsibilities include :

• Enhance and maintain SIEM solution, providing engineering support to capture relevant security log data from multiple sources, both on-premise and in the cloud
• Develop appropriate correlation queries to incorporate common threats, indicators of compromise (IOC’s) and other relevant threat-feed data
• Implement and manage application security tooling including SAST, DAST, and SCA scanning components
• Develop incident response and remediation runbooks for common alert triggers
• Manage and enhance detection and response activities
• Perform dynamic and static application scanning and work with development teams to prioritize and remediate vulnerabilities
• Develop and enhance Data Loss Prevention (DLP) capabilities across the environment
• Lead vulnerability management efforts to identify, prioritize, and work with owners to remediate
• Implement and monitor cloud security risk mitigation strategies
• Support Identity and Access Management initiatives and provide security oversight on the IAM program
• Research new technologies, vulnerabilities and attack vectors to proactively drive security improvement across the organization.

Essential Qualifications

• 5+ years of experience in a security analyst or engineer role in an enterprise environment.
• Experience managing a Security Information and Event Management (SIEM) solution, including defining inputs, log aggregation, and alarm triggers.
• Experience in, or deep understanding of application security in a development-centric environment.
• Thorough understanding of security and network concepts (firewalls, WAF, IDS / IPS, DLP, IAM, wireless, endpoint security, DDoS, DLP, forensics, etc.)
• Understanding of relevant security control frameworks, specifically NIST 800-53
• Possesses a high level of personal integrity and the ability to discreetly handle sensitive, personal, and classified case information.
• A broad understanding of securing both on-premise and cloud environments, including the technologies and processes required to secure and monitor.
• Ability to grasp and assess big picture issues and bring them to light to foster positive change for a more robust data ingestion platform and process

Preferred Qualifications

• College degree or equivalent work experience
• Local candidates preferred
• Security certification such as Certified Information Systems Security Professional (CISSP)
• Experience assessing and implementing security incident detection systems
• Experience supporting and participating in third party vendor security assessments and audits, reviewing audit findings as well as responses to security findings and remediation plans
• Strong interpersonal skills and collaborative style to enable success across multiple partners
• Cloud security experience, specifically AWS

Reporting to this position : No direct reports

The Employer retains the right to change or assign other duties to this position

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Company cannot provide sponsorship for this position

Please, no agencies

Data Recognition Corporation is an Affirmative Action / Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.