Application Security Engineer - Incident Management (8-14 yrs)

Job Leveling Guidelines :

1. Knowledge/Competence :

P4 - Applies expertise in managing projects, programs, initiatives, contracts, or agreements. Having wide-ranging experience, works on complex issues where analysis of situations or data requires in-depth knowledge of the industry, company, or companys products. Takes a broad perspective to develop solutions that are creative, effective, and often unique.

2. Problem Solving :

P4 - Exercises expertise and leadership in managing functional area, programs, or projects where coordination with others (internally or externally, which may include matrix management or third-party contractors) is important. Acts as advisor to colleagues and/or customers (internal or external) in meeting schedules or to resolve administrative, operational, or technical problems.

3. Decision Authority :

P4 - Under general direction, has latitude to determine use of resources to meet schedules and goals; may adapt departmental plans and priorities to address resource and operational challenges. Works independently toward achievement of agreed objectives. Receives general or limited guidance on particularly complex or sensitive assignments. Has authority to make decisions within scope of role and budget. Decisions are guided by established policies, procedures, and business plans.

4. Level/Type of Interactions :

P4 - The following applies for both PMs and ICs relative to specific scope of responsibility Decisions have an extended impact on work processes and outcomes. Erroneous decisions or recommendations normally result in serious delays or modifications causing substantial expenditure of additional time, human resources, and funds. Does not own P&L. May be assigned one or more budgets to accomplish objectives. Responsible for managing within budget and contributes to its development.

Minimum Relevant Experience : P4 - 8+ years progressively responsible professional experience (may be reduced with advanced degree).

Minimum Education : P4 - BA/BS Degree

Job Summary :

Provides leadership and development of new or existing cybersecurity projects, including requirements definition, documentation, and communication. Works directly with customers, business, and other technology entities to create, document, implement, and manage security controls, policies, procedures, and practices that ensure the availability, integrity, and confidentiality of information assets. Provides subject matter expertise (SME) leadership with design, installation, operation, service, and maintenance of a variety of multi-user information security systems.

Major Responsibilities :

1. Security Administration(70%) :

- Active in the life-cycle management of multiple hardware and software technologies designed to protect information.

- Maintain process and or procedures for security technologies.

- Prepare periodic reports on risk analysis reviews, security compliance reviews, and security incidents, etc.

- Support security solution development with operational feedback and evaluations.

2. Incident Response(15%) :

- Participate in activities of the Product Security Incident Response Team.

- Monitor for new security threats and make recommendations for additional controls.

- Identify security risks to the organization and recommend corrective actions.

- Triage, resolve, and document security incidents and escalations through analysis and troubleshooting.

3. Security Design and Implementation(10%) :

- Draft solution specifications and develop requirements for new information security systems, configurations, sub-systems, software, and products in support of projects and initiatives.

- Prepare documentation of designs and requirements for new information security systems, configurations, sub-systems, software, and products in support of projects and initiatives.

- Conduct design reviews of requirements implementation.

Knowledge/skill Requirements :

- Working knowledge and understanding in the implementation/administration/security of cloud technologies such as AWS/Azure/GCP.

- Working knowledge and understanding of Public Key Infrastructure (PKI), Digital Rights Management (DRM), or Hardware Security Modules (HSM).

- Working knowledge of applied cryptography.

- Familiarity with various programming languages such as C, C++, Python, PHP, or Java

- Hands on experience with Linux/Unix, Android, and iOS.

- Familiarity regarding common attacks, attack methods, and defense architectures.

- Experience and knowledge in the use of open-source security technologies.

- Ability to coordinate with internal (i.e. project managers, engineering/operations, employees, etc.) and/or external customers.

- Strong interpersonal skills, system level definition capabilities, and customer service skills.

- Uses skills as a seasoned, experienced professional with a full understanding of industry practices and company policies and procedures; resolves a wide range of issues in imaginative as well as practical ways.

- Works on problems of diverse to complex scope where analysis of data requires evaluation of variable factors.

- Demonstrates good judgment in selecting methods and techniques for obtaining solutions.

- Knowledge and experience with frameworks such as NIST, RTCA, PCI DSS a plus.

Education/experience Requirements :

- Bachelor of Science Degree in Systems Engineering, Electrical Engineering, Computer Sciences, Computer Engineering, Information Security, or other related engineering degree, or equivalent experience.

- 8+ years experience in an Information Technology role, with 3+ years specific to an Information or Cybersecurity role.

- Ability to obtain Industry recognized security certifications; CISSP: Certified Information Systems Security Professional, GIAC: SANS Global Information Assurance Certification etc.

Other Requirements :

- May require up to 10% travel

- This individual may be on call 24/7 shared with the group.