Senior Cybersecurity Engineer

Job DescriptionJob DescriptionJob SummaryCybersecurity Engineering Services develop advanced security solutions in line with organizational specifications, regulations, and compliance. 

Job Responsibilities: 

• Assist with security strategy updates addressing the evolving risk landscape.
• Assist with security governance, aligned to NIST CSF, as required to sustain an effective cybersecurity program.
• Assist with 3rd parties/projects/initiatives security risk assessments and provide solutions recommendations as needed.
• Assist with security operations management update/improvement as required.
• Manage information security-related activities of the agency including the analysis, identification, estimation of InfoSec efforts and the development, planning, testing, and documenting of remediation measures.
• Develops, conducts, and documents executive-level reporting and strategy formulation.
• Creates and maintains a centralized information security register to manage all InfoSec information and document changes relevant requirements. 
• Collaborates with internal and external stakeholders to maintain an understanding of current risks, new systems, and changes to the environment.
• Supports development, implementation, and maintenance of strong security risk & compliance processes for new and existing deployments.
• Participates in vendor due-diligence processes and third-party security risk management efforts; in addition to performing contract reviews as it relates to Information Security. 
• Supports internal and external audit and assessment processes for relevant compliance (PCI DSS, Privacy, etc.).
• Creates security guidelines, checklists, and other documentation to support projects and initiatives.
• Develops and presents metrics, reports, and dashboards.
• Develops documentation for information security controls, acquisitions, and process or system changes. 
• Stays up to date on developing regulatory concerns, evolving IT, and information security trends. 
• Contributes to ensuring that the Equal Employment Opportunity (EEO) policies and programs are carried out. 
• May be required to perform other related job duties.

Knowledge & Experience Requirements 

• Experience working with a transit Universal Fare System (UFS) and the Cubic Payment Application (CPA) as it relates to transportation agency data compliance.
• Knowledge of cybersecurity technology and compliance in transit systems.
• Demonstratable strong background in the processes, policies, procedures, systems, practices, and professional standards of cybersecurity.
• Demonstratable knowledge of industry best practices and relevant legal requirements as they pertain to cybersecurity, compliance, and privacy laws and regulations including TSA/DHS transport directives, DMV rules and regulation and other transportation agency cyber security rules and regulations. 
• Consultant must have delivered similar services (as stated above) during the past 10 years.
• Experience with modern Security Operations Center (SOC) monitoring, detecting, analyzing, and responding to cyber threats.
• Experience with conducting Cyber forensics. 
• Experience with major Cyber Incident handling.
• Experience with preparing and guiding organizations to achieve and sustain compliance with Payment Card Industry Data Security Standard (PCI DSS).
• Experience with vulnerability scanning, penetration testing, etc. using commercial products. 
• Experience with risk-based prioritization of security vulnerabilities and providing actionable remediation guidance.
• Experience with cloud based and on-premise Security Information and Event Management (SIEM) tools including administering the tools, reviewing alerts, and providing actionable steps. 
• Experience with Security Orchestration, Automation, and Response (SOAR) platform. 

Minimum Requirements: 

• 15+ years’ experience supporting very large companies with skills performing above listed technical security activities.
• Two of the certifications below: 
  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Systems Auditor (CISA)
  • Certified Information Security Manager (CISM)
  • GIAC Security Professional (GSEC)
  • Certified Data Privacy Solutions Engineer (CDPSE)
  • Cyber Security Nexus (CSX)