• Assesses the company’s existing security measures and identify vulnerabilities within the company’s systems and networks.
• Develops and implements security policies, standards and procedures to safeguard against unauthorized access, modification and destruction of information assets.
• Monitors systems for potential security breaches; investigate incidents, identify threats, and take appropriate action to mitigate risks.
• Helps to manage all remediation's related to IT security controls execution.
• Coordinates 3rd party security audits.
• Coordinates 3rd party pen testing services.
• Runs the roll out of new security tools and processes.
• Creates and manages security awareness training campaigns.
• Creates and manages phishing simulation campaigns.
• Heads risk assessments and leads in the development of risk treatment plans by working with asset owners.
• Runs technical and management support for investigating security incidents, e.g., phishing attacks, DDoS attacks, data leaks, account compromises, etc.
• Provides technical leadership in the operations of our security operations center (SOC).

Required Qualifications

• Bachelor’s degree in information security, computer science, engineering, or related technical field with 4-7 years of relevant experience.
• Possess one or more information security certifications such as CISSP, CISA, GIAC, CompTIA Security+, CCSP, AWS certification.
• Excellent communication, presentation, and documentation skills.
• Data backup and recovery.
• Business continuity and disaster recovery continuity of operations plans.
• Intrusion detection methodologies and techniques for detecting host and network-based intrusions.
• Controls related to the use, processing, storage, and transmission of data.
• Network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
• Measures or indicators of system performance and availability.
• Network traffic analysis methods.
• Skill in creating policies that reflect system security targets.

Preferred Qualifications

• Information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures.
• New and emerging information technology (IT) and cybersecurity technologies.
• Current and emerging threats/threat vectors.
• Vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins).
• System and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
• Penetration testing principles, tools, and techniques.
• AWS security architecture and tools and Microsoft Azure security architecture and tools.
• Knowledge of one of more security frameworks, e.g., ISO-27001, NIST Cybersecurity Framework, PCI-DSS, SOC2, CIS Controls, NIST SP 800-53, etc.

NA