The Cybersecurity Sensor Management Engineer will work closely with the Security Operations Center, Incident Response and Engineering & Delivery to assess the configuration of all security tools and drive towards continuous improvement of their configurations based on the current risk profile, threat landscape, and incoming threat intelligence.
This position offers a unique blend of Threat Hunter, Cybersecurity Analyst, and Cybersecurity Engineer.
The Senior Security Engineer provides subject matter expertise on information systems security: the purpose, planning, implementation and maintenance of security defenses that provide the best protection and value for the organization.
Creates security architecture and implementation artifacts that fully integrate with business and information technology initiatives and objectives.
The engineer is responsible for developing, articulating, and applying knowledge holistically across multiple mission-critical categories and domains of cybersecurity.
Examples of engineering solution expertise include, but are not limited to:
Web filtering technology
Network intrusion defense technology
Endpoint monitoring technology
Data leak protection technology
Intrusion prevention technology
Security information and event management technology
Network taps, traffic aggregators and filters technology
Identity management tools, AD, LDAP, web front end and virtualization technology
Cloud architecture, configuration and deployment technology
The candidate must have cross-domain expertise in at least three of the core categories listed above. The skillset and ability to collaborate with domain experts to ensure cohesive, end-to-end security program maturity is paramount.
ESSENTIAL FUNCTIONS:
Responsible for evaluating telemetry from the SIEM and the individual consoles of the various security products to ensure that:
All appropriate threats are being surfaced in the SIEM
All sensors are tuned to send appropriate telemetry
Unnecessary telemetry is eliminated without the loss of context at the SIEM
Implements appropriate changes in security tools in order to reduce attack surface, streamline operations, optimize performance, and meet new business requirements.
Influences and informs security architecture to ensure future roadmap and architectural decisions are made with appropriate context.
Manages expectations of stakeholders, including business and ITS executive program sponsors.
Assesses the implications of changes to existing processes/systems (cultural, technological, organizational and environmental) and identifies the activities necessary to ensure a smooth transition and user acceptance of the changes implemented.
Ensures that an effective change control process is in place, actively used and kept up to date, so that system changes and rollback procedures are documented.
Makes recommendations to update the change control process as necessary to provide appropriate documentation while increasing agility and minimizing overhead.
Drives continuous improvement in day-to-day security risk mitigation project management and security operations processes.
Debriefs regularly with Incident Response to integrate all learnings from previous incidents into the sensor management backlog.
DEPARTMENT SPECIFIC / NON-ESSENTIAL FUNCTIONS:
N/A
MINIMUM REQUIREMENTS:
10+ years of information technology experience
5-10 years of IT security experience in multiple domains (API, WAF, IAM, NAC, FW, Cloud, DLP, SSO, PKI, Gateway, etc.)
Experience with data security technologies including Information Labelling, Rights Management and File Encryption
Verbal and written fluency in English is mandatory
Ability to work in a virtual team which may work across distance (remote), cultures and time zones, in a matrix with multiple reporting lines, and may extend outside the K-C organization including suppliers, partners and customers.
Preferred Experience:
Specific experience with Palo Alto Firewalls (Specifically Palo Alto Threat Profiles)
Specific experience with Splunk and Splunk Enterprise Security
Specific experience with McAfee Endpoint Protection, TIE, DXL and DLP
Specific experience with Zscaler
Specific experience with Rapid7 Nexpose
ORGANIZATIONAL RELATIONSHIPS / SCOPE:
Role will report to the department leader in the ITS Infrastructure, Application (ITAS) or PMO organization and will have no formal direct reports.
Key Interfaces:
Director of CyberSecurity
Chief Information Security Officer
IT Strategic Leadership Team (L4s)
Global IT leadership
Regional and Functional Subject Matter Experts
External Interfaces:
3rd Party software providers
Cloud solution providers
WORKING CONDITIONS: Travel may account for approximately 10-30% of work time and may include travel by aircraft and motor vehicle to various locations, if applicable.
DISCLAIMER: The above statements are intended to describe the general nature and level of work being performed by employees assigned to this classification.
They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of employees assigned to this position.