Security Engineer

Functional Title: Security Engineer

Corporate Title: Bank Officer

Office Location: New York

Department: Information Security

Reports To: CISO & Records Officer

Job Summary: The Security Engineer will be part of a team responsible for Information Security, assisting in the implementation, administration, and monitoring of security tools and solutions. This mid-level hands-on role requires 3 to 5 years of Information Security technical experience in a corporate environment.

Main Duties and Responsibilities:

• Implement Information Security and Data Retention standards across the organization.
• Monitor internal and external cyber threats and investigate security events and alerts.
• Correlate multiple data sources and apply analytical techniques to investigate potential security incidents.
• Support tuning and iteration of tools used for monitoring, analysis, and forensics.
• Identify and promote improvements in security tools and their supporting processes.
• Collaborate with colleagues to ensure security tools support the overall security strategy.
• Monitor and analyze security vulnerabilities and propose effective remediation approaches.
• Assist in creating Information Security requirements for new products and services.
• Administer multifactor authentication for remote users and business partners.
• Standardize techniques and procedures to promote automation.
• Maintain awareness of the latest cybersecurity matters through continuous learning.
• Apply knowledge on the latest adversarial tactics, techniques, and procedures.

Qualifications Needed:

Knowledge/Experience:

• 3+ years of experience as a security engineer.
• Expertise in security products implementation, automation, and administration.
• Scripting skills in Python, Bash, or PowerShell.
• Strong knowledge of information security best practices.
• Experience in analyzing event logs from various devices.
• Knowledge of Internet standards, protocols, and system internals.
• Familiarity with domain-based Windows environments.
• Understanding of host/network vulnerabilities and exploits, attacker methodologies, and tools.
• Ability to analyze output from security tools and translate into actionable risks.
• Ability to leverage both open-source and commercial tools for investigations.
• Ability to understand and analyze anomalies in network protocols.

Nice to Have:

• Knowledge of information security management frameworks such as ISO/IEC 27001, CIS, and NIST Cybersecurity Framework.

Competencies:

• Maintain confidentiality.
• Work independently and in a team-oriented environment.
• Strong work ethic and attention to detail.
• High level of self-motivation and initiative.
• Good judgment in decision-making and creativity in problem-solving.

Other Pertinent Information:

• Bachelor's Degree or equivalent experience and/or professional certifications required.
• This role requires working 5 days a week in the office.