The Engineer for the Security Operations Review Board (SORB) partners with Portfolio Management, IT Dev Project Managers, Enterprise Architecture, Business Information Security Officers, and other teams within Information Security and IT to review development projects for Information Security requirements, at different points of the project. Provides consultation on high-level security design considerations; determines the scope of Information Security services needed to address project demands, assists with ensuring the required services are submitted to the appropriate teams, and determines when further review is required by SORB; assists with ensuring the appropriate technical risk review requests are completed for different stages and factors of each project; and mentors team members. The Engineer for SORB is responsible for maintaining detailed documentation outlining the problem statements/ask, scope, risks, questions and answers, options considered, proposed solutions, etc. As part of the Strategic Initiatives team, the Engineer for SORB, may be tasked with participating in other initiatives as bandwidth allows. This role requires an individual with a broad technical background and knowledge in Information Security, as well as excellent project management, communication, and cross-team collaboration skills.
● Works with stakeholders to provide appropriate security design considerations, best practices, and policies and standards that support their business requirements.
● Researches and understands technical requirements, trends, and strategies as it relates to Azure, Cloud, Zero Trust Architecture (and others, as needed), security best practices, and overall governance.
● Assesses all project information to understand the scope, the current IT and business environment, objectives, and priorities.
● Determines appropriate Information Security services needed for different types of projects and requests, at different points in the project, and assists with ensuring the necessary requests are submitted to the appropriate teams for fulfillment.
● Maintains detailed documentation outlining the proposed direction, risks, considerations, etc.
● Analyzes technical risks and advises on risk mitigation strategies.
● Identifies teams and services needed based on the problem and asks.
● Identifies gaps in Information Security strategy, policies, and standards, and works with internal teams to correct.
● Researches current and emerging security technologies and proposes changes where needed.
● 5 years’ information security experience with a focus on security by design and engineering.
● Demonstrated experience advising on solutions that meet customer requirements, while maintaining security.
● Proven skills in leadership, relationship building, negotiation, collaboration, advocacy, governance, and consensus building.
● Understanding of security fundamentals within different areas of expertise (Networking, Endpoint, Application, Cloud, Mobile, etc.).
● Demonstrates poise and creativity while working with other engineers and SMEs in different domain spaces to come to a common solution.
● Excellent leadership skills and experience in driving teams to determine resolution paths and solutions.
● Excellent verbal and written communication skills (facilitation, negotiation, conflict resolution), with demonstrated ability to communicate effectively to both technical and non-technical audiences.
● Team player with proven ability to work effectively within a large organization that operates using a matrix organization.
● Ability to communicate trade-offs and transactional states with technical and business teams.
● Ability to work effectively; independent of assistance or supervision.
● Ability to work under pressure in a highly team focused environment.
● Innovative, creative, and extremely responsive with a strong sense of urgency.
● Willing to share knowledge and assist others in understanding technical and business topics, i.e. mentoring.
● Self-motivated, responsible, conscientious, and detail-oriented.
● Proven ability to set and follow priorities and timeline.
● A Bachelor’s degree in Computer Science or a minimum.
● One or more professional security certifications such as CISSP, CISM or equivalent.
● Experience with Azure cloud technologies and associated technical services.
- Salary: $185000 - $210000
- Citizenship: Us Citizen
- Incentives: Not Provided
- Education: Bachelors Degree
- Travel: Travel 25
- Telework: Partial Telecommute