12+ years in network, information systems, information security, application engineering or architecture
Deep understanding of network security and commercial infrastructure security concepts.
Strong knowledge of security controls and risk management frameworks & models.
Strong working knowledge with identity and access management, cloud, data protection, endpoint, infrastructure, application, network, and container security best practices.
Experience with secure cloud web application implementation and product development.
Experience with DevOps, DevSecOps, and Agile SDLC methodologies
Experience in scripting/coding to automate operational processes and system integrations
Experience with static code analysis tools and open-source security and license management tools.
Must be able to evaluate & apply concepts of risk management and prioritization models for security related risk items.
Capable of working under pressure in a continually changing environment.
Strong inter-personal skills are required to work across the organization and interface with the business including internal and external audit to ensure security controls are in place and effective.
Ability and desire to stay current with emerging cybersecurity technologies, best practices, recommendations, and events and incorporate these into processes, procedures, and policies where it makes sense.
Expert problem solver with strong analytical, troubleshooting, critical thinking, and problem-solving skills
Strong written and verbal communication skills, work ethic and positive attitude
Ability to work alone with minimal supervision effectively and efficiently
BA/BS degree in Computer Science, Information Systems or a related technical field, or the equivalent combination of education and experience; CISA, CISM, OSCP, or CISSP certifications a plus.
Key Metrics
Enhances security team accomplishments and competence by planning delivery of solutions; answering technical and procedural questions for less experienced team members; teaching improved processes; mentoring team members.
Plans security systems by evaluating network and security technologies; develops security requirements for servers, workstations, local area networks (LANs), wide area networks (WANs), virtual private networks (VPNs), routers, firewalls, and related devices; designs public key infrastructures (PKIs), including use of certification authorities (CAs), digital signatures & hardware and software
Adheres to industry guidelines, best practices, & standards; automates repeatable tasks, including security control enforcement
Prepares system security reports by collecting, analyzing, and summarizing data and trends.
Enhances department and organization reputation by exploring opportunities to add value to security strategy and objectives.