Cyber Security Engineer - St Paul, United States - Tekwissen

    Tekwissen
    Tekwissen St Paul, United States

    4 weeks ago

    Default job background
    Description

    Position:
    Cyber Security Engineer


    Location:
    St Paul, MN 55110

    Duration: 12 Months


    Job Type:
    Contract


    Work Type:
    Hybrid

    Pay Rate: 65-70/Hourly/W2


    Overview:
    TekWissen Group is a workforce management provider throughout the USA and many other countries in the world. Our client is a company that specializes in global climate technologies. It operates Climate segment that delivers energy efficient products and energy services.

    The company offers the client and American Standard Heating & Air Conditioning which provides heating, ventilation, and air conditioning (HVAC) systems, and commercial and residential building services, parts, support, and controlsenergy services and building automation.


    Job Summary:


    As a Senior Cybersecurity Engineer you will be responsible for working with other Building Automation System (BAS) controls and software engineering team members to identify business, technology and product risks and vulnerabilities in the early stages and embed security requirements to address and validate them.

    A lot of this is done by conducting security assessments where the activities will include threat modeling, attack modeling, security DFMEA, vulnerability assessment, triaging, and reporting.

    This Sr.

    Cyber Security Engineer will also collaborate with product architects, system engineers, developers, and testers to implement secure designs by employing secure communications, network/device access control, authentication, authorization, cryptography, audit, forensics, and anomaly and misuse detection to provide information security (integrity, confidentiality, availability, and non-repudiation).


    Core Job Responsibilities (others may be added):
    Define and develop processes and methodologies for designing secure systems
    Engage with teams to conduct security risk assessments and conform to organizational remediation/mitigation timelines in different phases of the secure product development lifecycle
    Provide product security support to development teams, including reviewing and explaining security tools and processes, providing vulnerability explanations and remediation guidance
    Optimize product/system security by creating and reviewing architecture and detailed design solutions that reflect best practices
    Coordinate product security program metrics and reporting
    Support ongoing vulnerability and patch management through tracking, triaging and prioritizing across all products to minimize the potential security risk
    Help drive system and product requirements to meet the regulatory and compliance requirements (like GDPR, ISO, ISA/IEC, SOC2, FedRAMP)
    Assist with training and mentoring of security champions
    Partner with third-party vendors to deliver software security tools and services
    Provide expert consultation on application security requirements and best practices with vulnerability scanning and secure application design
    Partner closely on security operations tasks with cross-functional teammates in IT, DevOps, Engineering, Compliance, and Test
    Manage 3rd party partners and vendors supplying cybersecurity-related services
    Identify the design implications within a platform and system and work with teams to minimize vulnerabilities
    Influence program decisions to reduce the risk exposure of the company
    Participate in Zero-day remediation, Hotfixes, and Incident Response efforts
    Identify and review test coverage for the security aspects of the system
    Assist in responses to external audits, customer questionnaires, penetration tests and vulnerability assessments

    Self-motivated to stay engaged with the market on new security products, threats and vulnerabilities and to apply innovative approaches in technology, marketing and service operations to meet those needs.

    Basic Qualifications
    Bachelor's or Master's degree in Computer Science, Electrical Engineering or similar engineering discipline with an emphasis on cyber security
    8+ years of cumulative experience in software development and engineering expertise in Application, Network, Cloud, Mobile, IoT, ICS, Embedded systems, APIs
    5+ years of expertise in Product Security, Security Architecture and Security Assessment:
    Threat Modeling, Secure Development, Risk Assessment, Threat Analysis, DFMEA, Penetration testing, SDLA tools
    Strong understanding of operational technology principles, concepts, and techniques
    Strong knowledge of current security threats, techniques, and landscape, as well as a self-motivated desire to research current in the cybersecurity landscape
    Strong knowledge of OpenSSL, TLS mutual authentication, PKI, digital signatures, and certificate management
    Ability to research, develop, and keep abreast of tools, techniques, and process improvements in support of security detection and analysis following current and emerging threats
    Implementation experience or knowledge of security controls
    Should have good knowledge of security containers, hands-on experience with DevSecOps principles, and a good handle on end-to-end DevSecOps processes
    Technical understanding of cloud-native architecture and engineering best practices (AWS, Azure, Google Cloud)
    Working experience with OWASP Top 10 for web applications
    Knowledge of penetration testing techniques, application security vulnerabilities, OWASP Top 10, SANS 25, CWE, etc
    Knowledge of Security Industry Standards and Frameworks: e.g., NIST, ISA/IEC, GDPR, SOC2
    Excellent verbal and written communication skills, with the ability to communicate to all levels of the organization.
    Preferred Qualifications
    Familiar with DISA STIG assessment and implementation for Linux and/or Windows systems
    Desirable security certification(s): GICSP, GCLD, GSOC, GDSA, or any other relevant certifications

    #J-18808-Ljbffr