Cybersecurity Engineer

A leading comprehensive engineering design and consulting firm, SSR provides innovative solutions for clients with facility and infrastructure challenges. To achieve client needs, SSR has multiple locations across the US. Working with a diverse group of individuals in a variety of markets, our team of experts partner with our clients to deliver advanced solutions that last.

SSR is committed to providing opportunities and benefits to colleagues that promote living fully. Through various competitive benefits and programs available, SSR supports the health, well-being, and personal growth of its employees.

SSR offers benefit options including medical, dental, and vision coverage, a generous contribution to employee-owned Health Savings Account, 401(k) with matching up to the full IRS maximum, tuition reimbursement, and a variety of other employee incentives and wellness programs. SSR is a 2019 A/E/C Building a Better World Award Winner which recognizes our commitment to community outreach and improvement.

We feel that SSR is a great place, but don't take our word for it, See what our colleagues are saying at www.ssr-inc.com/life-at-ssr.

Why Choose SSR? Look at our Twitter, Facebook and LinkedIn pages to discover more.

We are Certified "Great Place to Work" http://www.greatplacetowork.com/certified-company/1001559

We are looking for a Cybersecurity Engineer

The Security Engineer is responsible for various domains of security for the company. Monitors computer systems for security issues, deploys security software, and documents security issues or breaches. Secures both cloud and on-premises infrastructures, reviewing metrics and data to find or mitigate risks before breaches occur. This role will generate reports for IT administrators and business managers to evaluate the efficacy of the security policies in place. This role is responsible for leading security awareness efforts, vulnerability management and creating or updating all security-related information, including incident response and disaster recovery plans.

ESSENTIAL FUNCTIONS:

• Develop company-wide best practices for IT security.

• Monitor security systems.

• Conduct vulnerability scanning and risk analysis.

• Coordinate both internal and external security audits.

• Coordinate pen testing engagements.

• Analyze security breaches to identify the root cause.

• Verify the security of third-party vendors and collaborate with them to meet security requirements.

• Regularly update the company's incident response and disaster recovery plans

• Deploy security measures to protect systems and information infrastructure, including firewalls and data encryption programs.

• Stay current on IT security trends and news.

• Research security enhancements and make recommendations to management.

• Analyze and report organizational and system security posture trends.

• Assess adequate access controls based on principles of least privilege and need-to-know.

• Assess all the configuration management (change configuration/release management) processes.

• Assess the effectiveness of security controls.

• Ensure all systems' security operations and maintenance activities are properly documented and updated as necessary.

• Ensure cybersecurity-enabled products or other compensating security control technologies reduce identified risk to an acceptable level.

• Implement system security measures in accordance with established procedures to ensure confidentiality, integrity, availability, authentication, and non-repudiation.

• Mitigate/correct security deficiencies identified during security/certification testing and/or recommend risk acceptance for the appropriate senior leader or authorized representative.

• Plan and recommend modifications or adjustments based on exercise results or system environment.

• Properly document all systems security implementation, operations and maintenance activities and update as necessary

• Provide cybersecurity recommendations to leadership based on significant threats and vulnerabilities.

• Verify and update security documentation reflecting the application/system security design features.

• Create, update and verify security baselines and gold images.

• Update the company's compliance documentation when changes occur.

• Other duties as assigned.

KNOWLEDGE, SKILL, AND ABILITY REQUIREMENTS:

KNOWLEDGE

• Knowledge of information security and computer network penetration testing and techniques

• Knowledge of firewalls, proxies, SIEM, antivirus, and IDS/IPS concepts

• Knowledge of how to identify and mitigate network vulnerabilities and explain how to avoid them

• Knowledge of encryption algorithms

• Knowledge of network access, identity, and access management (i.e., public key infrastructure, Oauth, OpenID, SAML, SPML)

• Knowledge of cybersecurity and privacy principles (relevant to confidentiality, integrity, availability, authentication, non-repudiation)

• Knowledge of information technology (IT) security principles and methods (i.e., firewalls, demilitarized zones, encryption)

• Knowledge of security system design tools, methods, and techniques; and security management

• Knowledge of how traffic flows across the network (i.e., Transmission Control Protocol [TCP] and Internet Protocol [IP]

• Knowledge of network design processes, to include understanding of security objectives, operational objectives, and trade-offs

• Knowledge of configuration management techniques

• Knowledge of installation, integration, and optimization of system components

• Knowledge of how to use network analysis tools to identify vulnerabilities

SKILLS and ABILITIES

• Judgment and Decision-Making Skills - ability to make reasoned judgments that are logical and well thought out; constructively questioning and analyzing information in order to make the best conclusion

• Organizational Skills - can marshal resources (people, funding, material, support, etc.) to get things done; can orchestrate multiple activities at once to accomplish goals; uses resources effectively and efficiently; arranges information and files in a useful manner

• Active Listening Skills - practices attentive listening with the patience to hear people out; can accurately restate the opinions of others even when they disagree

• Interpersonal Skills - ability to interact positively and work effectively with others

• Comprehension - ability to understand information, ideas, and direction presented in writing and/or verbally communicated

• Technical experience with Endpoint Security (Antivirus) products (Sophos, Crowd-strike, Carbon Black)

• Can manage a firewall (Palo Alto, Cisco, or Checkpoint)

MINIMUM QUALIFICATIONS:

• Bachelor's degree in a related field or equivalent demonstrated experience and knowledge.

• 3-5 years' experience as a Network Security Administrator or Security Analyst or equivalent.

• Experience with risk management, cyber security frameworks, and compliance with any of the following: NIST 800-53, NIST 800-171 and ISO 27001.

• Experience with programming & scripting languages: Python and PowerShell.

• CISSP, GSEC, GCIH, CEH, Security+ certifications preferred, but not required.

PHYSICAL DEMANDS: (The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of the job Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions)

• Frequently use a computer for several hours at a time

WORK ENVIRONMENT: (The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions)

• Indoors in a normal office environment with some exposure to excessive noise, darkness/poor lighting, fumes, or dust

• Minimal overnight travel to attend meetings, conferences, and training sessions

SSR is an Equal Opportunity / Affirmative Action Employer

EOE Disability/Veteran

Our mission is to make a positive difference for our clients, colleagues, and communities.

Recruiters or staffing agencies: SSR is not obligated to compensate any external recruiter or search firm who presents a candidate, their resume, or profile to an SSR employee without 1) a current, fully-executed agreement on file and 2) being assigned to the open position via HR