Security Engineer - New York, United States - Yoh, A Day & Zimmermann Company

    Description

    *NO C2C * NO CONTRACT * NO C2C * NO CONTRACT*

    HYBRID REMOTE - 2 days per week onsite.

    Cloud/DevOps Security Engineer

    You Will:

    • Design, implement, operationalize, and maintain cutting-edge Cloud, Pipeline and Application security technologies on-premises and in the Cloud.
    • Perform risk and compliance self-assessments; identify, document, and remediate risks associated with defects in the current implementation or limitations of the above security controls.
    • Conduct vendor and product feature assessments and proofs of concept to help us maintain a best-in-class cyber security technology portfolio. Partner with other technology teams to define and implement our cyber security strategy.
    • Design and operationalize, through code development, the automated workflows for response to operational issues and for deployment of configuration changes.
    • Partner with other technology teams to enhance the CI/CD Pipeline with additional security controls and to broaden the self-service capabilities of our Cloud environment.
    • Resolve escalated service issues and coach other engineers on troubleshooting efforts.
    • Partner with other technology teams in handling and responding to internal customer issues, conducting problem analysis, providing solutions for service level improvements, and ensuring timely remediation of security issues in accordance with corporate policies and standards.
    • Provide advisory consulting services on the topics of cloud, pipeline and application security to the leadership, partner teams, and internal customers; work with Company suppliers on product enhancements.
    • Enhance existing and develop new processes, procedures, and baselines with respect to cyber security and the use and operation of information systems.
    • Support internal and external audit and compliance reviews, lead the team on gathering requirements and evidence, and provide timely responses.
    • Drive initiatives to grow the cyber security mindset and best practices across the Company, with an emphasis on gaining measurable results.

    Required Skills:

    • Intellectual curiosity and proven record of spotting anomalies and inconsistencies and identifying creative solutions to resolve security control deficiencies and to optimize performance.
    • Strong analytical, critical thinking, and problem-solving skills, to assess the level of risk and potential impact of sub-optimal implementation of security controls to mitigate new cyber threats and reduce attack surfaces to the enterprise.
    • Understanding of configuration best practices and performance baselines.
    • 5+ years of experience with implementing and operating Cloud Security controls in the domains of Network, Endpoint, Data, and Identity Security.
    • Knowledge of CI/CD pipeline components and their integrations with the various security controls; knowledge of Git.
    • Working knowledge of Python, Terraform, and programming and operating Jenkins.
    • Proven ability to interpret and correlate the data produced by various event sources -- network security devices, operating systems, web servers, Public Cloud IaaS, endpoint security agents, etc.
    • Familiarity with the TCP/IP protocol stack, including routing, network address translation, TCP/UDP connectivity, and application-level protocols (HTTP, SMTP, DNS, etc.).
    • Ability to further develop DevSecOps skillset to implement various security controls, define infrastructure as code, deploy cloud-based security services.
    • Working knowledge of using an enterprise-grade SIEM to build dashboards, alerts, and reports.
    • Strong communication and documentation skills; ability to develop reference documentation, network diagrams, standard operating procedures, process workflow and decision tree diagrams.
    • Excellent organizational skills. You are detail-oriented and have an ability to manage and follow up on multiple competing priorities effectively.
    • Customer-focused demeanor; excellent interpersonal skills and a sense of humor.
    • Bachelor's degree in information technology or any STEM discipline; master's degree is preferred.

    Nice to have:

    • Developer-level knowledge of some of the following technologies: Puppet, Ansible, Splunk Phantom, Active Directory Group Policy.
    • Experience with consuming vendor APIs.
    • Knowledge of Microsoft Windows PowerShell.
    • Recognized Security Industry and Public Cloud IaaS certifications (AWS, Azure, GCP).
    • Familiarity with security industry standards and best practices (NIST 800-53, ISO27001, NIST CSF, HITRUST, NYDFS-Cybersecurity, HIPAA, FedRAMP, OWASP, etc.).
    • Familiarity with ITIL; experience with incident, problem, change, and risk management.

    Location:

    • 2 days a week at our offices in Holmdel, NJ; Bethlehem, PA; Stamford, CT; and New York, NY.