Sr Cybersecurity Engineer
Stori Card
Other Engineering
Mexico City, Mexico
Posted on Sep 26, 2024
As a Sr Cyber Security Engineer, you will be responsible for safeguarding an organization's computer networks and systems. You will utilize your expertise in cybersecurity principles, practices, and tools to protect sensitive data, prevent unauthorized access, mitigate potential security threats, and monitoring. Your role will involve designing, implementing, and maintaining security measures to ensure the confidentiality, integrity, and availability of information assets.
- Identify vulnerabilities and weaknesses that could be exploited by attackers.
- Help develop and implement security policies, protocols, and procedures.
- Conduct regular security assessments, vulnerability scans, and penetration testing.
- Prepare and present reports on security status and incidents to management.
- Stay current with the latest security trends, threats, and technology solutions.
- Understands, reviews, and interprets vulnerability assessment and scanning results, reduce false positive findings, and act as security advisor to business unit partners.
- Creates detailed risk assessment reports which explain identified technical and logical security findings, describes potential business risks, and presents prioritized recommendations.
- Develop and maintain documentation for security processes and compliance requirements.
- Contributes to the ongoing enhancement of the company's security assessment capabilities through the development and implementation of improved methodology, processes, infrastructure, tools, and deliverables.
- Maintains knowledge with current emerging technologies and advancements within Cybersecurity.
- Provides expertise and solutions for others as a subject matter expert.
- Monitor and enforce guidelines for best practices in security and compliance.
- Orchestrate daily compliance requirements and tasks as required.
- Review and respond to escalated security events.
- Proactively hunting for vulnerabilities and threats within our environment.
- Maintain knowledge of adversary tactics, techniques, and procedures (TTP).
- Provide timely and relevant updates to appropriate stakeholders and decision makers.
- Monitor and analyze security systems to detect and respond to security incidents.
- Investigate security breaches and other security-related incidents.
- Experience:
- Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field.
- 2-3+ years of hands-on experience with the design, implementation, and operation of enterprise vulnerability management.
- 2-3+ years experience supporting diverse IT systems, processes, or capabilities in large organizations
- 2-3+ years of solid understanding of industry best practices for hands on, security vulnerability remediation.
- 2-3+ years of experience in incident response and/or computer forensics. Extensive experience within an enterprise scale organization; including hands-on experience of complex data centre environments, preferably in the finance or similarly regulated sector
- 2-3+ years with SolarWinds (or other, similar tools) running in an enterprise environment.
- Extensive experience with core vulnerability management scanners (e.g. Qualys, Tenable etc.).
- Strong knowledge of OWASP Top 10 and the ability to articulate application security risks and determine threat level.
- Technical understanding of a range of enterprise (on-premise) IT and cloud-based architectures and technologies such as networking, server infrastructure, operating systems, web applications and databases.
- Skills and attitudes
- An understanding of mapping and scanning applications and systems, including port scanning, identifying services and configurations, spidering, application flow charting, and session analysis
- Technical understanding of current cybersecurity threats and trends
- Knowledge and experience with the Windows and Linux operating systems
- Ability to correlate data from multiple data sources to create a more accurate picture of cyber threats and vulnerabilities.
- Ability to research, analyze data, and derive facts.
- Familiarity with automated tools used to discover system and web application vulnerabilities such as Nessus, Nmap, Qualys, R7 etc.…
- Knowledge of system and/or web application vulnerabilities and risk assessment methodologies such as Common Vulnerability Scoring System (CVSS) or Open Web Application Security Project (OWASP) Risk Rating Methodology
- Strong technical skills related to at least one of the following areas: Information Security, Incident Response, Network Security, Windows Security, UNIX/Linux Security, and Web application Security.
- Able to multitask, prioritize, and resolve multiple inquiries at once.
- Excellent communication (oral and written), interpersonal, organizational, and presentation skills.
- Strong work ethic and self-motivation.
- Ability to work independently, be creative, results-oriented, and adaptable, and have strong written and verbal communication skills.
- Bonus Points:
- Preferred certifications: Net+, Security+, OSCP, CEH, CISSP, GIAC (GSEC, GEVA, GPEN etc.)
- High-profile work development opportunities
- Exposure and opportunities to continuously expand leadership influence at the company
- Constant learning from the work itself, industry experts, and super-smart colleagues
- Competitive compensation and attractive benefits
- International exposure & work experience (we have offices in multiple countries)