Cybersecurity Engineer at Cohesion
Cohesion is a leading Intelligent Buildings software solution that is disrupting how buildings operate and how people engage with buildings – from real estate owners/investors, operators, building engineers, to tenants and visitors. Our cutting-edge converged IoT-enabled platform brings together building systems, building software, and business applications into a single portal on web and mobile platforms to forge the path to autonomous buildings.
Cohesion’s Cybersecurity Engineer will have sole responsibility for the Company’s security posture. You will be responsible for providing a highly scalable, reliable, and effective security foundation that serves the customers and business operations of the Company. As we scale our business, including internationally, and into large enterprises, our security posture has never been more important to our Company and the customers we serve.
- Establish and maintain an enterprise-wide vision, strategy, architecture, and program for ensuring that information assets are appropriately protected.
- Implement information security and business continuity plans and policies and manage the operational processes for monitoring and maintaining information security.
- Select, implement (new, upgrade, maintenance), and deploy security technology solutions to ensure the confidentiality, integrity and availability of customer and company data.
- Leverage Company’s existing technology partnerships, e.g. Microsoft, to identify, design and deploy policies for reducing the risk of data loss.
- Maintain complete awareness of current and developing information security regulations, technology, and threats. Translate this information into a comprehensive set of policies, procedures, and security plans along with a training program.
- Monitor and assess the overall compliance of the organization with information security regulations, policies, programs, and procedures.
- Assist with technical aspects of the performance of and response to Company’s annual security assessment and security related internal audits.
- Manage external audits (i.e. SOC2, penetration) of Company information security. Ensure any resulting actions to address gaps or weaknesses are appropriately completed in a timely manner.
- Audit Company’s third-party vendors’ information security. Ensure any resulting actions to address gaps or weaknesses are appropriately completed in a timely manner.
- Monitor networks and systems for security incidents/events, using software that detects intrusions and anomalous system behavior.
- Lead incident response process ensuring that procedures are documented and rehearsed.
- Manage our response to incidents and ensure that they are appropriately addressed, documented, investigated (technical and forensic investigation), and reported.
- Complete and deliver information security reports and assessments as are required by regulatory agencies and our customers.
- Configure and implement open-source/third-party tools to assist in detection, prevention, and analysis of security threats.
- Perform threat modeling exercises to identify and correct gaps in Company’s ability to prevent, detect, and investigate data loss.
- Bachelor's degree (B.S.) in the Information Technology or Computer Security field with five (5)+ years of experience OR Associate's degree in the Information Technology or Computer Security field with seven (7)+ years of experience
- Knowledge of Cloud (SaaS) Security architecture.
- Working knowledge of risk and security frameworks, standards, and best practice (e.g., NIST, ISO/IEC 27002:2013, SANS Critical Security Controls)
- Knowledge of a wide range of security technologies such as proxies, CASB, DLP, security information/event management, endpoint security, etc.
- An ability to script in Windows environments, specifically PowerShell, to support capabilities on Windows 10 and in the Office 365 ecosystem.
- An ability to self-organize, prioritize activities independently, create documentation and reporting.
- Experience with the tasks identified within the position described above, including planning, engineering, forecasting and implementation, and identification of resource requirements for information systems or information security configuration requirements associated with business systems.
- Ability to handle multiple tasks/initiatives simultaneously and the ability to handle substantial deadline pressure.
- Excellent written and verbal skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and non-technical audiences.
- At least one active security certification: CISSP, CISM, etc.
- Experience working in the SaaS industry with an understanding of regulatory frameworks such as ISO, SOX, GDPR and PII highly desired.
- Experience in other cybersecurity technology areas such as endpoint, analytics, and automation tools; FireEye Endpoint Security, Tanium, Microsoft Defender/ATP, Splunk, ElasticSearch/ELK, MISP, and NiFi.
What you can expect from Cohesion
Cohesion is proud to offer a comprehensive benefits package to eligible, full-time employees in the United States. Our benefits are designed to invest in our employees' and their families' well-being, including investments in their health, happiness, and well-being.
- Receiving a competitive compensation package, including bonus, medical/dental/vision insurance, and 401k match
- Receiving a monthly cell phone reimbursement
- Comprehensive wellness reimbursement program (eligible after 6 months of employment)
- Enjoying a responsible unlimited PTO program to help employees maintain work-life balance
- 2-way flexibility of work schedules
- Dressing for your day
- Enjoying family leave benefits
- Temporary transit benefits
At Cohesion, we see diversity and inclusion as a source of strength. We believe building trust and innovation are best achieved through diverse thought and practice. Individuals seeking employment at Cohesion are considered without regard to race, religion, color, national origin, gender identity and expression, sexual orientation, age, marital status, veteran status, or disability status.