Senior Security Engineer (NYC, London)
New York, NY

Job Description

Overview

Engine delivers modern marketing solutions. Powered by data, driven by results and guided by expertise, we help our clients make connections that count-leading to bottom line growth, an inspired workplace and business transformation. The businesses that make up the Engine group cover multiple practice areas: from cutting edge market intelligence and customer experience to performance-driven content and digital media distribution. Together they work to accelerate growth for brands across a broad range of verticals. At Engine, we not only advocate a positive work-life balance, we enforce it. Our flexible time off policy ensures our staff can take time out to focus on the things that matter, while our comprehensive benefits package includes everything from health and dental insurance to travel, 401K and legal assistance.

Role

Engine's IT organization is in the early phases of transforming its regional-only management model to a globally shared services model. This new model will provide common global services that drive efficiencies and reduce costs while improving services and reducing risk to the company.

The new organization will be a matrix model consisting of: 1) the existing regional IT leadership providing local business relationship management and Service Delivery within each of the Engine regions (US, UK, and APAC), and 2) new global IT leadership representing each of the functional areas.

The Senior Security Engineer is a new global IT role with responsibility for Engine's overall security technologies and platforms. This is a leadership role and senior most technical subject matter expert within Engine, having ownership of enterprise-wide security technologies, processes, and controls required to satisfy Engine's policies, regulatory compliance, and customer contractual requirements. The role is both hands-on providing privileged daily administration of core security services while also being highly visible and interactive with IT, Infosec, and business leadership. A holistic perspective of security and a balance of business and technical acumen is required to be effective in the position.

Responsibilities

The Senior Security Engineer will work closely with technical (CTO, DevOps, and IT) and business (Legal, Human Resources, and BU lead) personnel to ensure information security systems and controls are effectively implemented. The role will also be a contributor to policy and standards development and will serve as a key representative on Engine's Information Security Steering Committee. Specific responsibilities include:

* Recommend, implement, and manage the tools and platforms required to protect enterprise IT and business unit technology services, including network services segmentation, identity and access management, vulnerability management, and disaster recovery
* Work with additional engineering resources to provide security administration and operations
* Lead security solution design, product selection, and related change management processes
* Review and approve controls needed to protect Engine data and technology assets
* Act as a trusted advisor to business units to ensure the appropriate security controls are built into products and services in accordance with Engine security principles and guidelines
* Lead technical investigations required for security events and incidents
* Assist with data collection and reporting of key security metrics to Engine's CISO and Risk/Compliance leads
* Interface with Engine clients (current and prospective) to communicate Engine security practices and relevant controls
* Assist with responding to RFPs, security questionnaires, and related client requests
* Participate in client assessments and/or audits as Engine's security subject matter expert
* Contribute to and support the development and maintenance of the Engine information security program and risk framework
* Recommend and assist in development of policies, standards and controls
* Continually research emerging security trends and technologies to identify products, solutions, and methods that reduce risk to Engine's data and technology services
* Partner with other security resources to ensure effective threat and vulnerability management of Engine's IT and technology products and services
* Assist with Engine supplier security assessments to ensure third-party risk is managed
* Provide recommendations to enhance employee and IT personnel security training and awareness.

Qualifications

The Senior Security Engineer is expected to have the following experience and skills:

* Extensive hands-on experience implementing and configuring information security tools and services, for example: endpoint protection, email hygiene, web filtering and protection, mobile device management, vulnerability management, and incident, event, and log management.
* Experience implementing infrastructure security or secure software development leading practices
* Knowledge of cloud computing (IaaS, PaaS, and SaaS) and protecting cloud-based services especially those within Microsoft (Office 365, Azure) and AWS (EC2, RDS, S3) ecosystems
* Experience implementing security controls aligned to organizational policies and standards
* Knowledge of the ISO 27001 standard and related risk management practices
* Knowledge of GDPR and HIPAA regulationsExperience responding to RFPs, security risk assessments, and audits
* Understanding of attack and threat model development and threat management practices
* Interpersonal skills with the ability to develop and maintain strong stakeholder relationships
* Strong verbal and written communication skills
* Excellent problem-solving skills with the ability to ask the right questions to uncover the core of the problem.

QUALIFICATIONS

* Bachelor's degree in computer science, information systems, engineering or a related field is required; Master's degree is preferred
* At least 10 years' IT experience within application or infrastructure
* At least 5 years' security experience within architecture, engineering, or operations
* Certified Information Security Professional (CISSP) certification preferred
* Certified Cloud Security Professional (CCSP) certification preferred
* Marketing, advertising, research, or related industry technology experience preferred

To all recruitment agencies - not accepting agency resumes. Please do not forward resumes to our jobs alias, employees or any other company location. We are not responsible for any fees related to unsolicited resumes.