Sr Information Security Engineer
Primary Function:
Primary Function
A Sr. Security Engineer specializes in providing security for enterprise platforms and plays an integral role in protecting an organization's data. This may involve analyzing existing practices and creating new and enhanced security methods. This role will often serve as part of a larger team dedicated to enterprise security and operations. Sr. Security Engineers usually work full-time in an office environment, with some positions requiring personnel to respond to after-hours emergencies and participate in an on-call rotation.
Sr. Engineers demonstrate strong expertise in one or more of the following technology areas: Application, Network, Information, Cloud, Database, Platforms, and Endpoints etc. This role leverages the expertise in these areas to re-focus skill and experience into a security-minded, solutions-oriented approach to protecting the key technologies across the environment. Additionally, Sr. Engineers continuously explore alternative options to secure the environment via comparative analysis and industry research; recommending plans for renewals or replacement of technologies and services in place. Perform product and solution life cycle management ensuring capacity, integrity and availability of all systems.
Principle Duties and Responsibilities
Provides guidance to and mentors SOC Analyst and Engineers while providing guidance and security consulting services to IT leadership.
- Ability to assess technology projects, initiatives, or strategic direction and serve as a collaborative and strategic security partner in identifying complex, multi-faceted or new security solutions required to support the desired goals.
- Provides expert advice into the conceptual and technical design/execution of the enterprise wide security solutions. (Windows, UNIX, Network, Web, TCP/IP, etc.)
- Ability to manage internal security-related projects including; documented scoping, assessments, milestones and key deliverables, timeline and reporting.
- Provide service-oriented and value add security guidance across Information Technology
- Manage and optimize existing security tool investments, proactively assess, evaluate and provide guidance on effectiveness to Grainger’s security posture.
- Actively engage with SOC, assess overall data points being tracked, reported, and monitored and collaborate on better methods, metrics, data sources, or a combination thereof to increase effectiveness and value in security alerting and monitoring.
- Serve as the driver in our security posture visibility and alerting maturity through partnered and purposeful SOC analysis efforts; drive maturity beyond alerts, incidents and tickets into proactive analysis.
- Level III SOC Support for escalated incidents from the SOC; Perform Root Cause analysis for security or availability failure and direct the remediation of Security related causes.
- Assist in the maturity and growth of the team by sharing knowledge, insight and mentor others on the team to help expand their capabilities.
- Serve as advisory resources to projects led by Security Engineers or SOC members.
- Partner and design changes in the Security Landscape based on results from analysis received from Risk & Compliance, Internal Audit, External Audit and other functions as deemed appropriate.
- Full understanding of industry standard security frameworks such as ISO, NIST SP 800-53, HIPAA, PCI, FISMA, FedRamp, HITRUST, or NIST CSF and how to confirm security alignment operationally and in consulting or solution engineering.
Preferred Education and Experience
- CISSP or equivalents
Experience in any of the following areas would be a plus:
- Cloud Security and technologies such as AWS, Azure, CloudStack and OpenStack
- Scripting technologies such as Bash, Python, Ruby, PowerShell
- Container management and expertise with Docker, Kubernetes, Openshift
- Operation Framework models such as DevOps, SecDevOps, SDLC, ITIL
- Security practices around Puppet, Chef and Ansible
- IoT (Internet of Things) secure deployment, protection and management
- Palo Alto Next-Gen Firewalls, F5 and technologies such as Web Application Firewalls
- Application Security technologies such as IAST, DAST, RAST and SAST
“Grainger is an Equal Opportunity / Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, gender identity, sexual orientation, disability, or protected veteran status.”