Cyber Data Protection Engineer

Job Summary

• In addition to the responsibilities listed below, this position is responsible for leading the design, building, testing, and implementation of data protection security technologies, including infrastructure and supporting applications related to data protection. This includes managing complex IS projects through both pre-production and implementation phases by collaborating with internal technology risk teams, infrastructure management, and external business groups to understand requirements and design and implement solutions accordingly; testing and validating upgrades, enhancements, or new technologies prior to production implementation; consulting on incident support efforts to help resolve and remediate application production issues; and leading the implementation of new security controls as appropriate to resolve incidences and mitigate threat risks. It requires understanding of Cyber and IT regulatory requirements.
• This position is also responsible for maintaining a comprehensive understanding of infrastructure security operations, partnering with the Architecture & Strategy teams to help develop and validate the long-term direction for security technologies, and providing technical subject matter expertise to support the ongoing assessment and mitigation of information security risks.

Essential Responsibilities

1. Conducts or oversees business-specific projects by applying deep expertise in subject area; promoting adherence to all procedures and policies; developing work plans to meet business priorities and deadlines; determining and carrying out processes and methodologies; coordinating and delegating resources to accomplish organizational goals; partnering internally and externally to make effective business decisions; solving complex problems; escalating issues or risks, as appropriate; monitoring progress and results; recognizing and capitalizing on improvement opportunities; evaluating recommendations made; and influencing the completion of project tasks by others.
2. Practices self-leadership and promotes learning in others by building relationships with cross-functional stakeholders; communicating information and providing advice to drive projects forward; influencing team members within assigned unit; listening and responding to, seeking, and addressing performance feedback; adapting to competing demands and new responsibilities; providing feedback to others, including upward feedback to leadership and mentoring junior team members; creating and executing plans to capitalize on strengths and improve opportunity areas; and adapting to and learning from change, difficulties, and feedback.
3. Leads the designing and building of cybersecurity control systems by executing the design, development and implementation of complex countermeasures, systems integration, and tools specific to cybersecurity.
4. Leads the analysis efforts in evaluating existing systems and analyzing attack surface (e.g., gap, control weakness, threat, and efficacy) of information systems in a large enterprise (e.g., applications, operating systems and networks);
5. Provides subject-matter-expert level technical recommendations for control design while considering control gaps, risks, system weaknesses, threats, vulnerabilities, and control effectiveness.
6. Provides some recommendations and input on options, risks, costs, and benefits for systems designs.
7. Leverages partnerships with IT teams, Cyber Teams and key business partners to troubleshoot complex systems.
8. Translates business requirements, and functional and non-functional requirements, into technical specifications that support integrated and sustainable designs for complex or high impact infrastructure systems by partnering with Business Analysts to understand business needs and functional specifications.
9. Ensures system designs adhere to company architecture standards.
10. Builds partnerships with counterparts in various IT Teams (e.g., database, operations, technical support) throughout system development and implementation.
11. Serves as a technical expert for project teams throughout the implementation and maintenance of assigned enterprise infrastructure systems by defining and overseeing the documentation of detailed standards (e.g., guidelines, processes, procedures) for the introduction and maintenance of services.
12. Mentors other technical resources throughout infrastructure systems development.
13. Reviews and validates technical specifications and documentation for complex or multi-dimensional solutions.
14. Leads the development and modification of solutions by identifying technical solutions to business problems.
15. Collaborates with business leaders, Solutions, and lead enterprise architects to review business drivers, and establish a foundation for enterprise systems planning.
16. Reviews benchmarking results and provides information to support current and future infrastructure needs and projects to IT leadership. Provides preliminary conclusions.
17. Benchmarks and evaluates IT trends and technologies to identify opportunities and considerations that impact ROI.
18. Makes recommendations on resources required to maintain service levels and meet new demands.
19. Guides and drives physical architecture design for new initiatives.
20. Provides subject-matter-expert level engineering oversight during security incidents response and investigations as required and leading the development of policies for future proofing when appropriate.
21. Contributes expertise to the development and discussion of recommendations with leaders to collect input on options, risks, costs, and benefits for cybersecurity designs.
22. Provides subject-matter-expert level engineering insight and mentoring others to develop cybersecurity system design prototypes/solutions.

Job Qualifications

Minimum Qualifications

• Bachelor's degree in Cybersecurity, Computer Science, Information Technology, Software Engineering, or a directly related field AND minimum eight (8) years of experience in information technology (IT), software engineering, cybersecurity, or a directly related field
• Additional equivalent work experience of (3) additional years (11 total) may be substituted for a degree requirement with experience in cybersecurity, computer science, information technology, software engineering, or a directly related field.
• Four (4) years’ experience in the planning, design, and implementation of Data Protection solutions.
• Four (4) years’ experience in the configuration, implementation, troubleshooting, and operation of Data Protection technologies.
• In depth, Information/Cyber Security experience in one or more of the following areas: email security (proof point or similar), data loss prevention (netscope or similar), web application firewall, cryptography.

Preferred Qualifications

• Minimum one (1) year of experience in a lead role with or without direct reports.
• Four (4) years of experience engineering cybersecurity solutions/controls in accordance with industry standard framework, such as National Institute of Standards and Technology (NIST).
• Four (4) years of experience applying IT Infrastructure Library (ITIL) framework best practices in delivering and managing cybersecurity solutions.
• Four (4) years of experience leading the development of technical documentation in a cybersecurity environment.
• Certified Information Systems Security Professional (CISSP) OR Certified Information Systems Auditor (CISA) OR Global Information Assurance Certification (GIAC) from SANS Institute.
• Four (4) years of experience engineering data loss prevention solutions/controls
• Four (4) years of experience engineering enterprise encryption and key management solutions/controls
• Four (4) years of experience engineering web application firewall solutions/controls
• Four (4) years of experience engineering email security solutions/controls
• Two (2) years of work experience in a role requiring interaction with senior leadership (e.g., Director level and above)
• Four (4) years experience leading the development of technical documentation in an infrastructure development environment.
• Three (3) years experience in a leadership role of a large matrixed organization.
• Three (3) years experience working with IT vendors.
• Four (4) years experience working with an IT Infrastructure Library (ITIL) framework.
• Six (6) years experience in the design and configuration of UNIX/Linux and/or Windows servers infrastructure.
• Six (6) years experience working with operating system and client/server utilities.
• Six (6) years experience working with server hardware management tools and/or server hardware.
• Six (6) years experience working with configuration management software.
• Three (3) years experience in the configuration and/or troubleshooting of email servers in a large enterprise environment.
• Six (6) years experience gathering and translating business requirements into technical specifications.