Lead Cyber Security Engineer
The Role
At Fusion, we "Protect the Covenant of Trust" between our Software Users and our customers' key stakeholders. A key element of protecting that covenant of trust is ensuring our software and organization follow industry best practices to ensure the security and integrity of customer data. The Cyber Security Engineer will play a vital role in this critical objective.
The Lead Cyber Security Engineer will report directly to the Director of Cyber Security and will assist in maintaining and optimizing Infrastructure and Product security, documentation, and adherence to Fusion's policies and standards.
The specific responsibilities of this role are as follows:
- Conduct cybersecurity assessments on managed systems and technologies, ensuring compliance to Cybersecurity Standards.
- Manage assessment lifecycle from beginning to end. Assessment activities include pre-assessment meetings, evidence collection, assessment workflow management, cybersecurity assessment report generation and documenting risk associated with compliance issues.
- Responsible for assessment program maturity, ensuring assessment-related documentation and activities align with current cybersecurity standards as well as the current threat landscape.
- Assist in developing the cybersecurity roadmap, and delivering secure systems, cyber applications, technical projects and regulatory and risk requirements
- Engineering, implementing and monitoring security measures for the protection of computer systems, networks and information
- Monitor Security logs, SIEM, IDS/IPS, endpoints, etc. for security alerts, identify vulnerabilities and configuration issues and resolve or escalate accordingly.
- Maintain the operational integrity of the Security Operations Center (SOC) through monitoring and periodic testing of critical tools and processes
- Design computer security architecture and develop detailed cyber security designs
- Participate in discussions with prospects and customer IT Security Teams during the Sales and Vendor Due Diligence processes, explaining the security posture of the Fusion Framework System, as well as the security posture of Fusion Risk Management as an organization
- Perform security due diligence on Fusion's 3rd Party Vendors, ensuring they comply with Fusion's security standards
- Respond to information security issues during each stage of a project's lifecycle
- Assist in yearly 3rd Party Audits of Fusion including but not limited to Fusion's SOC 2, Salesforce.com Security Review of Fusion Assets, Fusion Framework Penetration Testing, and more as needed
Knowledge, Skills, and Abilities
- Bachelor's degree or comparable experience in a Windows environment
- Industry Cybersecurity certifications (SANS, ISACA, ISC2, Offensive Security etc.)
- Experience working with cybersecurity frameworks (PCI-DSS, NIST, ISO, etc.)
- Experience conducting info sec risk assessments or technology audits
- Prior experience as a cybersecurity practitioner (e.g. – experience in a cybersecurity domain such as network security, access control, cloud security, etc.)
- Knowledge of public cloud platforms (e.g. Microsoft, Salesforce, AWS)
- Experience with infrastructure software/hardware
- Understanding of Agile development concepts and methodologies
Working knowledge of:
- Identity and access management principles
- Application security and encryption technologies
- Secure network architectures
- IDS/IPS, penetration and vulnerability testing
- Firewall and intrusion detection/prevention protocols
- Network and web-related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols, etc.)
- Advanced Persistent Threats (APT), phishing and social engineering, network access controllers (NAC), gateway anti-malware and enhanced authentication
- Awareness of current security threats and have an understanding of security standards, practices, procedures, and tools.
Fusion Risk Management, Inc. is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, disability, sex, sexual orientation, gender identity or national origin. Nothing in this job posting should be construed as an offer or guarantee of employment.