Senior Cybersecurity Engineer - Seattle, United States - Sound Transit

Description

Salary range is $100k to $195k, with a midpoint of $145k. New hires typically receive between minimum and midpoint, however, we may go slightly higher based on experience, internal equity and market.

Sound Transit also offers a competitive benefits package with a wide range of offerings, including:

• Health Benefits: We offer two choices of medical plans, a dental plan, and a vision plan all at no cost for employee coverage; comprehensive benefits for employees and eligible dependents, including a spouse or domestic partner.
• Long-Term Disability and Life Insurance.
• Employee Assistance Program.
• Retirement Plans: 401a - 10% of employee contribution with a 12% match by Sound Transit; 457b - up to IRS maximum (employee only contribution).
• Paid Time Off: Employees accrue 25 days of paid time off annually with increases at four, eight and twelve years of service. Employees at the director level and up accrue additional days. We also observe 12 paid holidays and provide up to 2 paid floating holidays and up to 2 paid volunteer days per year.
• Parental Leave: 12 weeks of parental leave for new parents.
• Pet Insurance.
• ORCA Card: All full-time employees will receive an ORCA card at no cost.
• Tuition Reimbursement: Sound Transit will pay up to $5,000 annually for approved tuition expenses.
• Inclusive Reproductive Health Support Services.
• Compensation Practices: We offer competitive salaries based on market rates and internal equity. In addition to compensation and benefits, you'll find that we provide work-life balance, opportunities for professional development and recognition from your colleagues.

GENERAL PURPOSE:

Under general direction, performs at a senior professional level supporting the operation of the technical controls outlined by the Agency's Information Security Program for its cloud infrastructure; evaluates, designs, builds, and documents security solutions; evaluates proposed projects and activities to identify information security risks and available mitigating controls; supports the design of cloud infrastructure components and supporting systems by incorporating necessary technical security controls and design considerations, evaluates systems for compliance with internal policies and standards, as well as applicable regulatory frameworks, recommending solutions to address any gaps; provides support for process-based security controls, including security incident response, penetration testing and other security assessment techniques.

PRIMARY DUTIES AND RESPONSIBILITIES:

The following duties are a representative summary of the primary duties and responsibilities. Incumbent(s) may not be required to perform all duties listed and may be required to perform additional, position-specific duties.

• Serve as the primary SME for information security controls within the Azure / Microsoft 365 space and other cloud solutions as required.
• Design and implement comprehensive cloud-based security controls including but not limited to; identity and access management controls, secure configuration, monitoring, protection and detection tools, among others
• Keep cloud infrastructure current, making recommendations, and continually improving cloud security technologies.
• Work across the organization to continually improve cyber resilience within the cloud space.
• Identify and assess technology-related risks to information security associated with prospective cloud infrastructure solutions; and recommends appropriate mitigating controls.
• Evaluate any prospective technology solution for adherence to documented agency standards, policies, and regulatory responsibilities.
• Develop technical cloud focused standards to interpret and implement applicable information security policies and controls.
• Collaborate with other IT engineering and administration disciplines to ensure security best practices are incorporated into design, implementation, operation and maintenance of systems and services within the cloud infrastructure.
• Assess and classify any identified system vulnerabilities in accordance with pre-defined risk criteria.
• Advise and consult with internal customers on security assurance activities, risk assessment, threat modeling and mitigation of vulnerabilities.
• Assist with information security incident investigation and response efforts within the cloud infrastructure.
• Conduct computer and network forensic investigations in support of incident response activities.
• Conduct security assessments and reviews, including penetration testing of designated systems and infrastructure components.
• Perform root-cause analysis when incidents occur and prepare incident reports.
• Evaluate, implement, and support security-focused tools and services required to support information security controls.
• Evangelize information security at Sound Transit.
• Interact with penetration testers and other external vendors as needed.
• Focus on keeping professional skills current.
• Keep up to date on latest information security threats and countermeasures.
• Champions and models Sound Transit's core values and demonstrates values-based behaviors in everyday interactions across the agency.
• Contributes to a culture of diversity, equity and inclusion in alignment with Sound Transit's Equity & Inclusion Policy.
• It is the responsibility of all employees to follow the Agency safety rules, regulations, and procedures pertaining to their assigned duties and responsibilities, which could include systems, operations, and/or other employees.
• It is the responsibility of all employees to integrate sustainability into everyday business practices.
• Other duties as assigned.

MINIMUM QUALIFICATIONS:

Education and Experience: Bachelor's Degree in Computer Science, Information Technology, Business Management Information Systems, or closely related field and five years of Information Systems Security, including 4 years of Network Security and Cloud Security; OR an equivalent combination of education and experience.

Required Licenses or Certifications:

• Certified Information Systems Security Professional (CISSP), or ability to obtain certification within 12 months of hiring.
• Preferred Certifications: CEH, CCFP, GCIH (or other GIAC), CCSP, CCSK or others that are considered field-relevant.

Required Knowledge of:

• Experience with the application of threat modeling or other risk identification techniques, with a particular focus on threats to cloud infrastructure and assets.
• Working understanding of cloud infrastructure architecture as it relates to information security best practices.
• Strong understanding of Azure, Microsoft 365 and Amazon Web Services (AWS) infrastructures.
• Technical skills proficiency in the following areas: security information event management, network protocols (e.g. TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols), system administration, malware (propagation, infection, types), intermediate knowledge of network security controls and technologies (proxy, firewall, IDS/IPS, router/switch, open source information collection platforms), cryptography, Microsoft Active Directory.
• Deep knowledge of security operations: perimeter defense, forensics, incident response, kill chain analysis, risk assessment and security metrics.
• Strong understanding of internet-facing, web applications.
• Relevant experience and detailed technical knowledge in security engineering, system and network security, authentication and security protocols, cryptography.
• Comprehensive knowledge of information security incident handling and investigation procedures.
• Demonstrated skills in conducting forensic analysis of digital evidence, network traffic, managing event analysis/correlation and related incident investigations.
• In-depth knowledge of security software threats and vulnerability mitigation techniques.
• Working knowledge of risk-based methodologies and one or more of the following frameworks: ISO 27001/2:2017, PCI-DSS, or NIST
• Scripting skills (e.g., PowerShell) are strongly desired.
• Principles of business letter writing and basic report preparation.
• English usage, spelling, grammar, and punctuation.
• Modern office procedures, methods, and equipment including computers and computer applications such as word processing, spreadsheets, and statistical databases.

Required Skill in:

• Establishing and maintaining effective working relationships with other department staff, management, vendors, and other stakeholders.
• Documenting and explaining risks, recommendations, and incident data to technical stakeholders.
• Interpreting and administering information security policies, standards and procedures sufficiently to administer, discuss, resolve, and explain them to staff and other constituencies.
• Generating metrics and preparing reports to facilitate decision-making on security-related activities.
• Utilizing personal computer software programs affecting assigned work and in compiling and preparing spreadsheets and reports.
• Preparing and analyzing complex data and comprehensive reports.
• Writing of technical documentation and standards.
• Responding to inquiries and effective oral and written communication.
• Researching, analyzing, and evaluating new security processes, tools, products and techniques.
• Candidate should have excellent time management skills including the ability to prepare prioritize and complete work plans.
• Ability to work effectively and organize priorities independently.
• Results oriented, highly organized, proactive and self-motivated.
• Communicating and coordinating with co-workers, customers, and vendors.
• Working effectively under pressure, meeting deadlines, and adjusting to changing priorities.
• Working cooperatively with other departments, Agency officials, and outside agencies.

Physical Demands / Work Environment:

• Work is performed in a standard office environment.
• The Agency promotes a safe and healthy work environment and provides appropriate safety and equipment training for all personnel as required.

Sound Transit is an equal employment opportunity employer. No person is unlawfully excluded from employment action based on race, color, religion, national origin, sex (including gender identity, sexual orientation, and pregnancy), age, genetic information, disability, veteran status, or other protected class.

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities

The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR c)