Sr. Cyber Security Engineer - Public Company Accounting Oversight Board - PCAOB Ashburn, VA, San Francisco, CA, New York, NY, Washington D.C., Dallas, TX, Atlanta, GA, Chicago, IL, Denver, CO, Irvine, CA, Charlotte, NC Bookmark Share Print 634 0 3

Listing Description

The PCAOB has a full-time, regular position for a Senior Cyber Security Engineer in the Office of Data, Security and Technology (ODST). This position will report to the Manager, Security Operations. The Senior Cyber Security Engineer will be responsible for protecting system boundaries and ensuring that IT systems, applications, and network devices are secured against threats. The position supports the Security Operations Center (SOC) as an advanced escalation point identifying and addressing potential information security incidents. The role will interact with both technical and non-technical stakeholders and will provide technical leadership to others on the team and in the organization.

Responsibilities

• Serve as the lead for day-to-day threat identification and vulnerability/risk analysis.

• Perform advanced event and incident analysis, including baseline establishment and trend analysis.

• Remain current on cyber security trends and intelligence in order to guide the security analysis and identification capabilities of the SOC team.

• Perform threat, vulnerability, and risk assessments/investigations.

• Responsible for the engineering, design, implementation, maintenance, analysis, and administration of PCAOB security technologies. 

• Participate in and lead projects for security requirements, network design reviews, and security testing for PCAOB network, systems, and other IT teams.

• Coordinate with PCAOB systems, network, and development teams to ensure network security standards are being followed and implemented correctly.

• Evaluate new security technology and emerging threats and provide recommendations to strengthen the PCAOB’s information security environment.

• Coordinate the handling and resolution of incidents of security breach.

• Provide analytical and technical security recommendations to other team members and other PCAOB users.

• Identify requirements based upon need or as the result of a security issue that puts the organization’s systems at risk.

• Perform internal and external penetration tests with multiple technologies.

• Proactively conduct security threat analysis and recommend solutions to manage network, systems, and application vulnerabilities. 

• Review and analyze new systems (hardware and software) and provide recommendations concerning their security.

• Recommend effective security configurations and architecture.

• Liaison to the ODST Teams to effectively select secure solutions.

• Develop documentation to support ongoing security systems operations, maintenance, and specific problem resolution.

• Provide support off hours in addition to regular workdays to troubleshoot escalated issues and apply production changes where needed.

• Other duties as assigned.           

Qualifications

• Bachelor’s degree in Computer Science, Information Technology, or similar field.

• Minimum of 5+ years of information security experience with a focus on network, application, and architecture.

• Minimum of 5+ years of security operations center experience with security monitoring and incident response.

• Specific Information Security related experience including encryption, IDS/IPS, Firewalls, SEIMs and Log Management, syslog analysis, HTTP and TCP/IP analysis, and vulnerability assessment.

• Experience with securing cloud/virtualized environments.

• Experience with defensive and detective technologies such as firewall, WAF, email gateway, DLP, IDS/IPS and SIEM.

• In-depth knowledge of mapping business requirements to technology and ability to identify security gaps at the architecture level.

• Knowledge of common security vulnerabilities such as: XSS/CSRF, SQL Injection, Buffer Overflow, and DoS attacks.

• Knowledge of the HTTP protocol, including analyzing the request/response.

• Demonstrated experience with commercial and open-source testing and auditing tools such as Paros, BURP, nmap, and Metasploit.

• Experience with vulnerability scanning and an understanding of how to analyze discovery scan data and vulnerability data to determine unusual use configurations, discovery of aged software, and proper identification of high-severity vulnerabilities.

• Proven ability to clearly document and communicate security findings, risk description, risk level, and recommended solutions to stakeholders.

• Understanding of networking and operating systems such as Linux and Windows.

• Demonstrated knowledge of security industry standards and best practices such as OWASP and NIST.

• Excellent interpersonal, analytical, and problem-solving skills.

• Ability to manage multiple tasks and projects.

• Experience working in a multi-office environment and willingness to travel to other offices as required. 

Preferred Qualifications

• GCTI, GCIA, GNFA, CISSP, CEH, or other relevant certification.

Additional Informational

The PCAOB oversees the audits of public companies and SEC-registered brokers and dealers in order to protect investors and further the public interest in the preparation of informative, accurate, and independent audit reports.