Senior Cybersecurity Engineer

A

Auriga Corporation

Senior Cybersecurity Engineer

Los Angeles, CA
Full Time
Paid
  • Responsibilities

    Benefits:

    401(k)

    401(k) matching

    Competitive salary

    Dental insurance

    Flexible schedule

    Health insurance

    Paid time off

    Profit sharing

    Vision insurance

    Job Summary

    Cybersecurity Engineering Services develop advanced security solutions in line with organizational specifications, regulations, and compliance.

    Job Responsibilities:

    Assist with security strategy updates addressing the evolving risk landscape.

    Assist with security governance, aligned to NIST CSF, as required to sustain an effective cybersecurity program.

    Assist with 3rd parties/projects/initiatives security risk assessments and provide solutions recommendations as needed.

    Assist with security operations management update/improvement as required.

    Manage information security-related activities of the agency including the analysis, identification, estimation of InfoSec efforts and the development, planning, testing, and documenting of remediation measures.

    Develops, conducts, and documents executive-level reporting and strategy formulation.

    Creates and maintains a centralized information security register to manage all InfoSec information and document changes relevant requirements.

    Collaborates with internal and external stakeholders to maintain an understanding of current risks, new systems, and changes to the environment.

    Supports development, implementation, and maintenance of strong security risk & compliance processes for new and existing deployments.

    Participates in vendor due-diligence processes and third-party security risk management efforts; in addition to performing contract reviews as it relates to Information Security.

    Supports internal and external audit and assessment processes for relevant compliance (PCI DSS, Privacy, etc.).

    Creates security guidelines, checklists, and other documentation to support projects and initiatives.

    Develops and presents metrics, reports, and dashboards.

    Develops documentation for information security controls, acquisitions, and process or system changes.

    Stays up to date on developing regulatory concerns, evolving IT, and information security trends.

    Contributes to ensuring that the Equal Employment Opportunity (EEO) policies and programs are carried out.

    May be required to perform other related job duties.

    Knowledge & Experience Requirements

    Experience working with a transit Universal Fare System (UFS) and the Cubic Payment Application (CPA) as it relates to transportation agency data compliance.

    Knowledge of cybersecurity technology and compliance in transit systems.

    Demonstratable strong background in the processes, policies, procedures, systems, practices, and professional standards of cybersecurity.

    Demonstratable knowledge of industry best practices and relevant legal requirements as they pertain to cybersecurity, compliance, and privacy laws and regulations including TSA/DHS transport directives, DMV rules and regulation and other transportation agency cyber security rules and regulations.

    Consultant must have delivered similar services (as stated above) during the past 10 years.

    Experience with modern Security Operations Center (SOC) monitoring, detecting, analyzing, and responding to cyber threats.

    Experience with conducting Cyber forensics.

    Experience with major Cyber Incident handling.

    Experience with preparing and guiding organizations to achieve and sustain compliance with Payment Card Industry Data Security Standard (PCI DSS).

    Experience with vulnerability scanning, penetration testing, etc. using commercial products.

    Experience with risk-based prioritization of security vulnerabilities and providing actionable remediation guidance.

    Experience with cloud based and on-premise Security Information and Event Management (SIEM) tools including administering the tools, reviewing alerts, and providing actionable steps.

    Experience with Security Orchestration, Automation, and Response (SOAR) platform.

    Minimum Requirements:

    15+ years’ experience supporting very large companies with skills performing above listed technical security activities.

    Two of the certifications below:

    Certified Information Systems Security Professional (CISSP)

    Certified Information Systems Auditor (CISA)

    Certified Information Security Manager (CISM)

    GIAC Security Professional (GSEC)

    Certified Data Privacy Solutions Engineer (CDPSE)

    Cyber Security Nexus (CSX)