LEAD SECURITY ENGINEER COVER LETTER TEMPLATE

• Supporting different teams with security proficiency, helping to reduce security vulnerabilities
• Developing automation and guidance to resolve common security problems
• Acting as the SME for detecting and resolving code security defects and the relevant security tooling in the CI/CD pipeline
• Identifying areas for improvement within the existing setup
• Making recommendations on security vulnerabilities, collating data and presenting to product owners and stakeholders to enable them to make informed decisions
• Developing and managing the security training content for the development teams
• Leading the remediation of software vulnerabilities and providing context to decision makers to help manage risks and make informed decisions
• Implementing improved security tooling in the CI/CD pipeline and developing secure coding best practices
• Supporting security champions to proactively identify any gaps in knowledge in their teams
• Detecting where to align security controls at different stages of the development lifecycle
• Leading the adoption of secure-by-design software components by development teams
• Supporting security feature reviews and threat modelling
• Developing scripts and tooling to shift less common security tasks to DevSecOps

Skills: Security Automation, Code Defect Detection, CI/CD Security, Vulnerability Remediation, Risk Communication, Security Training, Threat Modeling, Secure Coding

• Use architecture and design documentation and an understanding of the interactions between EA products to create security assessment scoping documents
• Develop a broad and deep technical understanding of EA products, services and architectures, using that understanding to perform in-depth reviews
• Identify systemic vulnerability trends and patterns, and propose and engage product teams at a senior level to address these issues at EA
• Correctly rate the security impact of discovered vulnerabilities and articulate effective remediation steps to product teams
• Drive remediation of vulnerabilities by engaging the leadership of product teams
• Give presentations at internal and external security conferences
• Propose and help develop educational materials to raise security IQ across EA
• Participate and contribute in strategic conversations at the SPEAR management level
• Conduct full interviews and offer feedback on the VAP strategy
• Identify and distill external research to improve knowledge across EA Security

Skills: Security Scoping, Architecture Review, Trend Analysis, Vulnerability Rating, Remediation Leadership, Security Presentations, Educational Development, Research Synthesis

• Develop multi-year IT security program plans, standards and specifications for security monitoring technologies, software, and procedures necessary to verify data confidentiality, integrity, and availability
• Develops scalable, focused and integrated plans for supporting on-premise, private/public cloud and SaaS solutions
• Uses advanced knowledge and including monitoring commercially provided, public-sourced and higher education community information to understand threats, create signatures for advanced attacks, and maintain advanced intrusion detection/prevention configurations
• Mentors and collaborates with network and cybersecurity engineers on developing detection capabilities and other activities related to supporting confidentiality, integrity, and availability
• Provides hands-on support and input to cybersecurity forensics activities, including data hold, recovery and preservation as well as capability planning in collaboration with university offices
• Leverage capabilities to detect anomalies and events, understand potential impacts, triage actions and priorities
• Identify sources, causes, collect and protect evidence for further analysis and/or prosecution
• Notify relevant parties for awareness and recovery activities
• Lead, aid and perform recovery processes including identification and remediation of vulnerabilities, application of measures limiting damage and shutting down threat actor access, removing and/or archiving attack artifacts, update defense systems

Skills: Security Program Planning, Cloud Security Strategy, Threat Detection, Engineer Mentoring, Forensics Support, Anomaly Analysis, Evidence Handling, Incident Recovery

• Manage and coordinate communications during and after an event including incident status reports, management reports and after-action activity reports as well as relevant metrics
• Verifying the effectiveness of protective and responsive measures
• Monitoring metrics and reports
• Updating monitoring solutions and restoration of services, while also learning from failed safeguards
• Ensuring response planning processes are executed during and after an incident
• Analyze the effectiveness of response procedures and activities through post-incident review with relevant parties to allow for feedback
• Discover process deficiencies and guide updates to relevant documentation and technical configurations
• Builds partnerships and relationships across the university community to help improve vulnerability detection and resolution through the co-development of remediation plans

Skills: Incident Communication, Control Verification, Metrics Monitoring, Monitoring Improvement, Response Planning, Post-Incident Analysis, Process Optimization, Stakeholder Collaboration

• Drive application security in the development department
• Engaging with and through security engineers, developers and product managers
• Coach security engineers on security by design principles, threat modelling, security code reviews, etc.
• Define the security roadmap and proactively adopt vulnerability and threat detection tools
• Continue automating and drive the adoption of security automation tools within the teams
• Automating security testing, 3rd-party vulnerability assessments, and static security code analysis
• Drive the onboarding process to HackerOne
• Collaborate closely with Visma’s security experts in cross-teams and cross-project initiatives
• Collaborate with the legal and compliance team

Skills: Application Security, Security Coaching, Threat Modeling, Security Roadmapping, Automation Adoption, Vulnerability Detection, Cross-Team Collaboration, Compliance Coordination

• Serve as Lead technical systems security subject matter expert, providing guidance and recommendations
• Management of Information Security policy related to strategic partner administrators providing Tier 1 support
• Review vulnerability assessment results, prioritize, and assist in remediation efforts
• Preparing Security Incident Response, working with SMEs
• Develop a penetration testing plan and track/ensure the resolution of vulnerabilities identified
• Manage IT assets/security, such as laptops, docking stations, and monitors
• Lead the implementation and management of Operational / SOC II security controls
• Maintaining documentation related to internal controls and procedures related to information security, such as Disaster Recovery Plan, Business Continuity Plan, IT Change Control Plan, IT Operations and Security Plan
• Monitor security advisories that impact security risk and compliance updates
• Identifying and incorporating security capability requirements into the security strategy
• Build/Maintain a partnership with software vendors for compliance needs
• Security assessments of the onboarding of the new vendors
• Lead other efforts in expanding the security team

Skills: Security Expertise, Policy Management, Vulnerability Remediation, Incident Response, Penetration Planning, SOC Controls, Compliance Documentation, Vendor Assessment

• Provide network security architecture expertise and work with the global network architects and engineers to define the network security policies
• Work closely with engineering teams to design globally consistent and secure network infrastructure policies and to establish and enforce policies
• Participate in and lead large-scale strategic initiatives and tool/automation implementation to advance the company's overall network security architecture and improve business outcomes
• Develop a strategic firewall security standard and framework using the current technology roadmap
• Provide expert network Security policies and analytical guidance for the technical framework
• Identifying security integration gaps for information security standards
• Ensure all parts of the technical design are securely incorporated and provide quality control
• Design and implement new features while continuously improving the quality of information security products such as Zero Trust, Application Security, Cloud Security, Next Gen Threat Detection and big data analytics
• Engage and support banking application teams integrating with information security products
• Develop software meeting code quality standards and metrics
• Create and maintain technical documentation for the team to reference and share with internal customers
• Participate in communities of practice by contributing to and following standards, reviewing others' code, and sharing knowledge
• Provide technical support to regulatory agencies, external auditors, and internal auditors to respond to audits and examinations of the Bank's control environment

Skills: Network Security Architecture, Policy Design, Strategic Initiatives, Firewall Standards, Integration Analysis, Secure Design, Feature Development, Audit Support

• Conduct cybersecurity assessments on managed systems and technologies, ensuring compliance with Cybersecurity Standards
• Manage the assessment lifecycle from beginning to end
• Responsible for assessment program maturity, ensuring assessment-related documentation and activities align with current cybersecurity standards as well as the current threat landscape
• Assist in developing the cybersecurity roadmap, and delivering secure systems, cyber applications, technical projects and regulatory and risk requirements
• Engineering, implementing and monitoring security measures for the protection of computer systems, networks and information
• Monitor Security logs, SIEM, IDS/IPS, endpoints, etc., for security alerts
• Identify vulnerabilities and configuration issues and resolve or escalate accordingly
• Maintain the operational integrity of the Security Operations Center (SOC) through monitoring and periodic testing of critical tools and processes
• Design a computer security architecture and develop detailed cybersecurity designs
• Participate in discussions with prospects and customer IT Security Teams during the Sales and Vendor Due Diligence processes, explaining the security posture of the Fusion Framework System, as well as the security posture of Fusion Risk Management as an organization
• Perform security due diligence on Fusion's 3rd Party Vendors, ensuring they comply with Fusion's security standards
• Respond to information security issues during each stage of a project’s lifecycle
• Assist in yearly 3rd Party Audits of Fusion including Fusion's SOC 2, Salesforce.com Security Review of Fusion Assets, Fusion Framework Penetration Testing, and more

Skills: Cybersecurity Assessment, SOC Monitoring, Vulnerability Management, Security Engineering, Cybersecurity Roadmapping, Security Architecture, Vendor Due Diligence, Audit Support

• Responsible for the development, implementation, and management of the District's Application Security Program
• Assists in the review and update of cybersecurity policies, architectures, controls and standards
• Partners with IT and internal and external business partners to ensure that security is factored into the evaluation, selection, installation and configuration process for new hardware, software or cloud solutions
• Partners with Information Technology teams to define and implement processes and procedures required to achieve security control requirements
• Consults with application development teams on secure coding practices and strategies to prevent and remediate vulnerabilities
• Participates in security testing and risk assessment activities, providing expertise and input to ensure appropriate discovery and remediation of control deficiencies or information security threats
• Provides leadership and expertise to the security monitoring and operations team
• Assisting the team during incident response
• Analyzing complex threat scenarios
• Communicating with stakeholders and supporting root cause analysis activities
• Organizes and leads table-top exercises to practice and rehearse organizational incident response to complex scenarios and security threat events
• Champions and communicates security best practices and risk mitigation strategies to business leaders, organization management, and across IT development, engineering, and operational teams
• Leads by example, demonstrating high performance in the areas of customer satisfaction, collaboration, teamwork and reliability

Skills: Application Security, Policy Review, Secure Evaluation, Control Implementation, Secure Coding, Risk Assessment, Incident Response, Threat Analysis

• Leads complex initiatives and projects
• Applies technical capabilities within own discipline to coach and develop junior employees
• Provides input into the performance appraisal process for some junior employees or team members
• Influences and implements security requirements, standards, and architecture for the security aspects of small- to medium-sized projects, and participates in internal investigations
• Raises opportunities for improvement to senior consulting and provides technical guidance for junior resources
• Defines platform architecture and drives strategy execution
• Responsible for understanding security policies, industry best practices and compliance
• Responsible for reviewing and providing feedback for improvements to front-line metrics to ensure controls are being met as defined
• Responsible for reviewing all project documentation, including maintaining technical documents and business requirements
• Responsible for completing Voice of Customer surveys and communication if part of a security domain-based engineering team (i.e., identity access management) for any new technologies or governance processes

Skills: Project Leadership, Technical Coaching, Security Standards, Architecture Strategy, Compliance Knowledge, Control Review, Documentation Management, Customer Feedback Analysis

• Provide Information Systems Security Engineering support and technical execution of information security activities associated with the Assessment and Authorization (A&A) of NIST Risk Management Framework (RMF) hardened information systems
• Ensure RMF Information Security requirements and Program Protection requirements are addressed in all phases of the System Development Lifecycle (SDLC)
• Write and manage RMF body of evidence documents (e.g., System Security Plan (SSP), Security Compliance Traceability Matrix (SCTM), Risk Assessment Report (RAR), Continuous Monitoring (ConMon) Plan, and Security Assessment Plans and Procedures (SAPP)
• Perform functional analysis, timeline analysis, detailed trade studies, requirements derivation and allocation, and interface definition studies to translate customer Information Security requirements into hardware and software specifications
• Responsible for developing security overlays, data flow diagrams, internal requirements, CONOPs and interface control documents from customer/product requirements
• Provide Information Assurance technical leadership to development teams at internal and external gate reviews such as technical baseline reviews and design reviews
• Work closely with Program Managers, Systems Engineers, other engineering disciplines, customers, and teaming members
• Identify security risks, threats and vulnerabilities of networks, systems, applications and new technology initiatives (hardware, software, cross-domain solutions, cryptographic devices, firewalls, intrusion detection systems, anti-virus systems and software deployment tools)
• Conduct complex security architecture analysis to evaluate and mitigate risks
• Explain technical security needs to non-security team members in a manner that facilitates cross-functional design activities
• Conduct product research of cybersecurity products and advancements for the purposes of finding alternate, better, and/or quick prototype solutions
• Translate customer mission goals into technical requirements

Skills: RMF Engineering, A&A Documentation, Security Requirements, Risk Identification, Architecture Analysis, IA Leadership, Cross-Functional Communication, Technical Translation

• Report directly to the Global Head of Network Security Engineering and work with a team of engineers and product specialists, delivering security solutions to the Bank
• Oversee all contributions from the team and set the strategy for the product roadmap
• Design and implement different solutions to expand around the existing design
• Support managers and the team in project planning and reporting
• Responsible for providing technical oversight of the Network Segmentation and Cloud Security programs with an emphasis on requirements, architecture, design, use cases, vendor selection and the security posture of the solution
• Oversee contributions from the team, assume ownership of new products 
• Set strategy and agree on a product road map with stakeholders and management
• Improve “Standard Operating Procedures” (SOPs) and educate stakeholders with them to improve incident response
• Use experiences to build a better logging program and re-evaluate the collection process
• Implement and improve anti-hacking applications and processes

Skills: Network Security Leadership, Product Roadmapping, Solution Design, Technical Oversight, Cloud Security, SOP Improvement, Logging Optimization, Anti-Hacking Implementation

• Working with various data sources for threat detection and automation
• Analyze the latest adversary's TTP and develop approaches to detect them
• Participating in threat hunting activities
• Developing security alerts, dashboards and playbooks for HERE Security Operations Center
• Design standards for logs and alerts and collaborate with the service team to incorporate these standards
• Analyze log coverage, details of available events
• Work with different teams and owners to support Detection Engineering requirements
• Collecting Metrics for Detection Engineering activities

Skills: Threat Detection, TTP Analysis, Threat Hunting, Alert Development, Log Standards, Log Analysis, Detection Support, Metrics Collection

• Interface with clients, establishing technical competency, and delivering complex projects
• Develop mitigation strategies for keeping customers safe
• Develop comprehensive reports and presentations for customers
• Improve team tradecraft, techniques, and tooling
• Provide technical mentorship for junior security engineers
• Lead challenging service engagements with complex technology stacks across multiple modalities
• Develop new product and service capabilities to meet emerging customer needs
• Optimize existing product and service capabilities to ensure quality, consistency, efficiency, and effectiveness
• Attracting and qualifying the top 1% talent into the organization

Skills: Client Engagement, Mitigation Strategy, Report Development, Tradecraft Improvement, Technical Mentorship, Service Leadership, Capability Development, Talent Qualification

• Collaborate with other teams to ensure customer service levels are met
• Design and development of Security Solutions to protect Company IT assets
• Work closely with Infrastructure OR Software Delivery engineering teams to ensure security requirements are understood and built into the design of other enterprise services
• Forecast and establish technical requirements in concert with Architecture and Risk Management for Connectivity (intra and intercompany), Internet-facing solutions, Infrastructure, Application, eCommerce, Mobility, Cloud, etc.
• Lead the execution of more complex multi-platform changes
• Analyze, design, develop and implement security solutions that protect the information assets while enabling business functionality
• Lead/direct IT infrastructure OR application penetration testing using standard tools and procedures
• Perform Root Cause analysis for security or availability failure and direct the remediation of security-related causes
• Provide subject matter expertise for Architecture, Planning and Roadmap sessions
• Research, evaluate, design, test, recommend and plan the implementation of new or updated information security technologies
• Document solutions engineered to be handed off to SOC and other Engineering support organizations
• Own the security aspects of the Software OR Infrastructure Delivery life cycle
• Perform product and solution life cycle management, ensuring capacity, integrity and availability of all systems

Skills: Security Solution Design, Requirements Forecasting, Multi-Platform Execution, Penetration Testing, Root Cause Analysis, Architecture Expertise, Technology Evaluation, Lifecycle Management

• Experience in security architecture, design, and deploying infrastructure in the cloud
• Experience with working in public cloud platforms such as GCP, AWS, Azure
• Scripting and coding skills with one or more of the following: Java, REST, Bash, Python, Go
• Experience in Endpoint Protection with multiple vendors such as McAfee, Sophos, Forcepoint, SentinelOne, Carbon Black
• Experience in Cloud security solutions such as CASB, SASE, WAF, DDoS, Bot Mitigation with multiple vendors such as AWS, Akamai, CloudFlare, Bitglass, Netskope
• Experience working with Secure Web Gateway, DLP, DNS, DNS over HTTPS, and IdP/authentication, SAML, OTP
• Deep knowledge and experience in performing threat modeling, risk assessment, pen testing, and data security validation
• Deep knowledge of end-user and application security risks - DDoS, malware, phishing, viruses
• Experience working with web services and APIs, and micro-services architecture and deployment
• Experience working in an Agile/Scrum environment with Jira and Confluence
• Must have Industry certifications such as CISSP, CISM, or CISA

Qualifications: BS in Software Engineering with 8 years of Experience

• Experience in software engineering with a spike in security
• Strong software engineering background with one or more scripting/programming languages such as Python, Go or Ruby
• Ability to write and coach on both application code with high quality and strong engineering practices (test- and behavior-driven development, unit, integration, end-to-end and acceptance testing, functional, performance, resilience and security testing)
• Profound knowledge of Agile concepts
• Work experience as part of a scrum team
• Strong experience with at least one major Linux distribution such as Debian/Ubuntu or Red Hat/CentOS
• Embrace non-hierarchical trust/transparency and challenge the status quo
• Possess distinct quality and service mindset
• Demonstrate self-drive, organization and excellent time management
• Ability to work independently and in various multi-cultural team settings
• Excellent interpersonal, communication and influencing skills

Qualifications: BS in Network Security with 5 years of Experience

• Must have general security certifications such as CISSP, CISM, CISA or equivalent
• Experience in supporting a Windows environment in a Systems Engineer or Security Engineer capacity
• Excellent communication skills, written and oral
• Excellent inter-personal skills
• Ability to interact and get along well with all layers of personnel
• Strong experience with scripting languages, PowerShell, and JSON
• Excellent problem solving skills and ability to work under pressure
• Strong technical knowledge and solid hands-on experience in securing a Windows environment
• Solid understanding of all common security systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, PKI, SIEM, DLP, etc.
• Solid understanding of network concepts and network monitoring tools such as Wireshark
• Understanding low-level implementations and high-level strategies for corporate/platform security

Qualifications: BS in Information Security with 6 years of Experience

• Experience in application and infrastructure (cloud and data center) security delivery and operation
• Experience with security in one or more public clouds
• Experience in the financial industry with a deep understanding of financial regulations 
• Experienced in various DevSecOps technologies
• Experience with one or more major cloud services (AWS, Microsoft Azure, or Alibaba)
• Experience performing threat modeling and design reviews to assess security implications and requirements for the introduction of new technologies
• Experience with cloud security tools and services
• Must have professional certification or designation in information security (e.g., CISA) 
• Experience in IT Security
• Good team player as well as strong communication skills with stakeholders at all levels
• Strong analytical skills and ability to work independently
• System knowledge and experience in Server (Windows, Linux), Network and Security
• Experience in PKI, cryptography and HSM
• Must have Security certification (CISSP, CEH, ITIL)

Qualifications: BS in Computer Science with 7 years of Experience

• Prior experience in a relevant position as a Software Security Engineer
• Solid knowledge of all web technologies, especially web services, web applications, Service Oriented Architectures, and network/web protocols
• Experience in software development in JAVA programming languages
• Sound knowledge of all procedures, standards, and regulations for authorization and authentication, applied cryptography, and security vulnerabilities
• Deep interest in knowing the latest industry advancements in software security, along with implementing them
• Working experience in incident response or a similar information security operations role
• Familiarity with cloud computing environments such as Microsoft Azure
• Familiarity with Security Operations Centers (SOC)
• Experience securing applications in Health Care, securing ePHI and HIPAA/HITECH regulations
• Familiarity with HITRUST CSF and NIST control frameworks
• Experience in Threat Modeling
• Experience performing security assessments and secure design of hardware and firmware of medical devices communicating over Bluetooth
• Experience with any of the following: deploying web-based services on AWS infrastructure, Kubernetes, Typescript, ReactNative, Ruby on Rails, GraphQL, IaC using Terraform

Qualifications: BS in Applied Mathematics with 8 years of Experience

• Experience in security and infrastructure engineering
• Strong experience in deploying security technologies such as firewalls, IDS/IPS, content filters, Anti-Malware, EDR, etc.
• In-depth technical knowledge of security engineering, computer and network security, authentication, security protocols, and applied cryptography
• Strong understanding of security protocols and technologies such as VPN (TLS and IPSec), RADIUS, HTTPS
• Working knowledge of security technologies like Vulnerability Management, DLP, SASE, CASB
• Strong experience with the setup and administration of Linux systems
• Good experience in network design and topology, especially zoning, routing, VLANs, WiFi security, etc.
• Good familiarity with cloud infrastructures, with Amazon Web Services (AWS) 
• Good understanding of software development, scripting and API integration
• Experienced in assessing and escalating to vendors for troubleshooting purposes

Qualifications: BS in Computer Networks with 6 years of Experience

• Ability to effectively advise leadership and influence senior stakeholders
• Good knowledge of common security standards and frameworks (e.g., OWASP Top 10, NIST/ CSC, CIS, SANS Top 25, TOGAF, SABSA, OSA, etc.)
• Good level of knowledge of information security risk management methodologies and best practices
• Understanding of the legal and regulatory environment within which the business operates and knowledge of relevant security-related legal and regulatory requirements
• Active membership in a relevant professional body or industry group
• Strong commercial awareness to enable business growth through effective security
• Demonstrated ability to scale up and out the application security program through developer empowerment, training, automation, crowdsourcing, and other initiatives
• Extensive previous experience in building and running security programs in a fast-paced, startup (ground-up) environment

Qualifications: BS in Digital Forensics with 5 years of Experience

• Working experience in security engineering and operations in an e-commerce environment
• Experience building and operating a security program for a public company
• Hands-on expertise operating in public cloud environments with proficiency in architecture and security capabilities
• Extensive experience in penetration testing of web and mobile applications
• Proven experience in multiple security domains such as intrusion detection, intrusion prevention, bot detection, and incident response, along with associated tools
• Familiarity with Cybersecurity Frameworks like NIST 800-53, NIST CSF, CIS Top 20, MITRE ATT&CK, and OWASP Top Ten
• Hands-on experience with virtual and physical networking systems, and secure web access tools
• Experience assessing and implementing technical security controls related to PCI DSS
• Outstanding written and oral communication skills with demonstrated ability to clearly articulate to both a technical and functional audience
• Must have industry certifications like AWS, CISSP or SSCP
• Deep understanding of Linux operating systems
• Practical scripting skills using Python or similar

Qualifications: BS in Cloud Computing with 7 years of Experience

• Information security-related experience, which includes the implementation and automation of security controls and threat protection
• Working experience in managing identity and access in cloud and on-premise environments, network security architecture concepts, topology, protocols, components, firewalls, demilitarized zones, and segmentation)
• Experience in scripting languages like Python, Unix Shell (bash/ksh), etc.
• Detailed technical knowledge of database and operating system (Linux and Windows) security
• Familiarity with web-related technologies (Web applications, Web Services, Service Oriented Architectures) and network/web-related protocols
• Hands-on experience in security systems, including firewalls (including reviewing and maintaining firewall rules), intrusion detection systems, anti-virus software, authentication systems, log management, content filtering, etc.
• Experience with network system design and implementation, CCNP, CCIE 
• Very good understanding of security industry standards and best practices
• Deep technical understanding and experience securing AWS technologies 
• Self-sufficient and fully accountable for the activities under responsibility
• Good communication skills and ability to efficiently elaborate issues and risks to all partners and senior management
• Knowledge of ISO 27001/27013, SOC2, NIST 800-53, HIPAA, and GDPR/CCPA
• Strong understanding of the OWASP Top 10 rules

Qualifications: BS in Software Development with 8 years of Experience

• Experience performing technical security assessments, code audits, and design reviews
• Hands-on experience with public clouds, such as AWS, Azure, or GCP, with a focus on security
• Experience with any security detection and response technology products such as SOAR/SIEM
• Fundamental understanding of OWASP and security engineering principles
• Working knowledge of CI/CD
• Working knowledge of Operating System security
• Excellent communication skills
• Experience working in web application security
• Experience in software development
• Knowledge of security engineering, computer/network security, authentication, security protocols, and applied cryptography
• Experience leading a globally distributed team

Qualifications: BS in Information Security with 6 years of Experience

• Experience in the development of security solutions for military and/or commercial products and systems
• Knowledge of UK/NATO Information Assurance standards, procedures and systems
• Practical experience in producing Security Accreditation documentation
• Practical experience of NCSC and Common Criteria security evaluation techniques
• Knowledge of current crypto technologies and key management systems
• Model Base System Engineering (MBSE) knowledge
• Enterprise Security Architectures (SABSA, MODAF)
• Understanding operating systems, firmware and software security controls and how to apply them
• Understanding of existing, current and emerging technologies including cloud, virtualisation and web
• Excellent verbal and written communication skills
• Good team worker with the ability to influence and motivate
• Positive attitude and drive to improve the business

Qualifications: BS in Computer Science with 7 years of Experience

• Practical experience with developing and presenting technical documentation such as architecture diagrams
• Experience working in highly regulated environments (NIST SP 800-53, ISO 27001…) 
• Experience with AKS, Azure security constructs (e.g., Azure policies), and other
• Experience with Git and other DevOps toolsets
• Experience with Linux and Linux security
• Working knowledge of FISMA and/or NIST publications
• Ability to adapt quickly to new technologies and changing business requirements
• Flexible schedule allowing for work outside of standard business hours
• Experience in security engineering
• Experience in production Kubernetes systems

Qualifications: BS in Network Security with 5 years of Experience

• Experience in Information Security
• Experience in areas of compliance, audit, and risk at a startup
• Experience managing corporate, customer, vendor, and integration risks
• Working understanding of risk concepts applied within cloud-native technology stacks
• Self-directed and motivated to foster creative problem-solving as well as out-of-the-box thinking
• Think analytically and holistically about security risk in a SaaS platform, and communicate about it effectively 360 degrees to team members, management, and customers
• Experience in implementing a robust security framework and compliance practices in a cloud-native environment
• Demonstrable experience influencing DevOps teams to adopt security best practices in the cloud
• Collaborated with engineering to deliver high-impact security solutions
• Proficiency in modern software development and can work with hands-on software implementation in a cloud-native platform environment 
• Experience working in modern software product companies, with experience focused on security
• High Degree of technical expertise across all platforms, infrastructure, applications, storage, backup, etc.
• Must have industry certifications such as CISSP, CCSP, OSCP, GCIH

Qualifications: BS in Applied Mathematics with 8 years of Experience

• Working experience in IT Engineering and/or Cyber Security Engineering
• Solid working knowledge of ITIL (ITIL Certification)
• Good understanding of Industry Security standards (i.e., ISO27001/2, NIST Cyber Security Framework, etc.)
• Excellent knowledge of technical leadership and information analysis
• Ability to multitask
• Solid understanding of High Availability, System Resiliency, Systems Design and Engineering, Databases and Web technologies
• Solid understanding of Cloud Technologies (e.g., AWS, Azure, GCP), particularly Crypto implementations
• Exceptional interpersonal skills
• Must build strong relationships with partners (internally and externally)
• Strong problem-solving and troubleshooting skills with the ability to exercise mature judgment
• Ability to work under pressure, owning and meeting critical deadlines

Qualifications: BA in Information Management with 6 years of Experience

• Working experience in high-level technical Security Technologies
• Hands-on experience in F5 Big-IP, Palo Alto, Infoblox, and Cisco
• Understanding and practical experience in Network design and architecture, Cloud-based services (PaaS, IaaS, SaaS), Virtualization / Containerization, Mobile security (MDM, MAM), Encryption / PKI, Database security, Application/ API security, Identity Management (IDM)
• Understanding of software development principles
• Proficiency in several security technologies including data loss prevention, encryption, cloud access security brokers, identity and access management, micro-segmentation, multi-factor authentication, endpoint protection, SIEM and perimeter defenses
• Experience working across the full stack of enterprise security tools including everything from the physical layer to the application layer
• Ability to lead the design of network security infrastructure and the integration of new requirements into existing architectures
• Experience leading compliance assessments of relevant cybersecurity frameworks
• Experience conducting daily Security Operations Center triage and research
• Experience with many of the following technologies/roles: Privileged Account Management, Web filtering, Web Application Firewalls, Encryption-at-rest, and encryption-in-transit, Advanced endpoint protection, Vulnerability Management
• Experience responding to incidents, crises, and investigations with sensitivity, tenacity, and a focus on detail

Qualifications: BS in Cryptography and Security with 7 years of Experience