The Team: Cyber Security team, part of our Global IT organization
As a member of the Information Security function, you will be part of a team of highly skilled security professionals tuned-in to threat research and technical innovation. You will work closely with engineering teams and other business functions to tackle complex technical problems and build secure systems, products and services. As a leading global hardware/software engineering company, Cognex has always taken IT security seriously and this position offers an exceptional personal and professional challenge for the right person.
As a Senior Security Engineer your primary responsibility is to research, design, engineer, document and advocate security solutions for business requirements including new product and support capabilities and improvements to existing infrastructure, systems, services and operations.
This position is responsible for protecting data and information systems from unauthorized access, use, disclosure, disruption, modification or destruction; and protecting information and other valuable assets stored within facilities. This role covers systems that are located on premise or in the cloud and assists with developing network security to protect electronic information at rest and in transit over networks. The Security Engineer will be involved in a wide range of projects including developing methodologies requiring security best practices and use of industry standards, such as ISO 27001/2:2013, CIS, NIST etc. Responsibilities include helping to maintain compliance to major governance and regulatory standards such as Massachusetts Data Protection Regulations, GDPR and other national and international data protection standards. The Security Engineer will also work to ensure successful completion of vulnerability audits and assessments, as required.
* Help create and maintain the enterprise's security documentation (policies, standards, architectures, designs, procedures and guidelines) in the corporate information security management system.
* Maintain up-to-date knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes, and the development of new attack and threat vectors.
* Lead and participate on teams to select, test and acquire additional security solutions or enhancements to existing security solutions to improve overall enterprise security.
* Lead and participate in the deployment, integration and initial configuration of new security solutions and enhancements to existing security solutions in accordance with best practices.
* Ensure the confidentiality, integrity and availability of the data residing on or transmitted to or from enterprise systems, on premise or in the cloud.
* Lead and participate in investigations into security events or incidents and provide communication to senior management.
* Lead the design and execution of vulnerability assessments, penetration tests and security audits.
* Understanding of wired and wireless network security devices.
* Engage in ongoing communications with peers in the DevOps, Engineering and Networking groups as well as the various business groups to ensure enterprise-wide understanding of security goals and solicit feedback and foster co-operation.
* Assist in developing and maintaining the enterprise's security awareness training program.
Knowledge, Skills, and Abilities:
* Demonstrated on-the-job experience assuring software applications adhere to continuous monitoring and compliance with security controls.
* Knowledge and experience with key management.
* Knowledge and practice utilizing role-based access control and certificates to authenticate end points, system processes, and users.
* Experience and knowledge of penetration testing methodologies and tools.
* Base knowledge of exploit techniques and hacker methodologies.
* Demonstrated on-the-job experience writing and reviewing risk assessment and mitigation reports.
* Ability to communicate security-related concepts to a broad range of technical and non-technical staff.
* Securing Windows Server 2003, 2008 and 2012 operating systems.
* Securing System *nix, Linux based operating systems.
* MS Enterprise Active Directory maintenance.
* Base knowledge of IP based applications (WWW, SMTP, DNS, SNMP, etc.).
* Base knowledge of protocol filtering, network security and packet level analysis tools to resolve network security problems.
* Understanding of wired and wireless network security devices.
* Any experience in QRadar, Carbon Black, Tenable, Palo Alto, Zscaler, MS Azure and O365 Online Services including Active Directory, CASB, Privileged Identity Management, Defender ATP, Exchange Protection, Sentinel, Security & Compliance, Data Rights Management; Amazon Web Services and Netwrix products a plus.
Education and work experience required:
BS or MS in Computer Science or relevant discipline
Security certifications are a plus
5-10 years' experience engineering or developing solutions in Information Technology;
5 or more years' experience in information security;
Minimum of 3 years engineering information security solutions in any of the following areas:
* Deployment, support of Security Devices including Web Application Firewalls, Intrusion Detection Systems, SIEM, third party tools (URL filtering, Varonis, Tripwire);
* Experience with compliance with Payment Card Industry Standards (PCI or PCI DSS);
* Familiarity with GDPR compliance;
* Vulnerability assessments and penetration tests;
* Ensuring compliance with security policies and procedures.
* Measure, track and report the security vulnerability status of IT assets.
* Experience with cloud environments and cloud security
Equal Employment Opportunity
Cognex is an equal opportunity employer. Cognex evaluates qualified applicants without regard to race, color, religion, gender, national origin, age, sexual orientation, gender identity or expression, protected veteran status, disability/handicap status or any other legally protected characteristic.