DESIRABLE SKILLS/EXPERIENCE:
• Good knowledge of Identity Access Management (IAM), SAML, Federation, Privilege Access Management (PAM), and MFA technologies.
• Data Security (Cryptography and Encryption).
• Knowledge of advanced Auditing and Log Management.
• Security vulnerabilities scanning tools.
• Knowledge of Cloud Access Broker Services (CASB) and configuration based on best practices.
• Data Loss Prevention (DLP) tools and configuration based on best practices.
• User behavior monitoring.
• Data analysis of Network, Cloud, and Endpoint data.
• Centralized management of next generation firewalls and intrusion detection and prevention systems (IDS/IPS).
• Provide oversight and assess security controls for IaaS, PaaS, and SaaS services, while collaborating with system integrators and NY agency teams to deliver reliable and scalable security capabilities.
• Optimization of security tools and controls.
• Oversee and lead the implementation of all security solutions, and develop technical and reference architectures throughout the project duration.
• Perform as a subject matter expert on cloud technologies, build and recommend security infrastructure from scratch, and raise security risks in a timely manner.
• Develop security requirements for complex internet-facing applications and associated infrastructure components.
• Responsible for assessing and reviewing end-to-end secure integrations including web services and APIs.
• Work closely with NY agency security team and third-party system integrators on security engineering related issues, resolving the issues without affecting the overall project delivery timelines.
• Monitors information systems for security incidents and vulnerabilities; develops monitoring and visibility capabilities; reports on incidents, vulnerabilities, and trends.
• Analyzes trends, news, advisories, and changes in threat and conducts security assessments with risk mitigation plans.
• Review vulnerability management reports and follow up with technical stakeholders on remediation efforts.
• Responds to information system security incidents, including investigation of, countermeasures to, and recovery from computer-based attacks, unauthorized access, and policy breaches; interacts and coordinates with incident responders.