TITLE:

Lead Security Engineer

LOCATION:

Los Angeles CA

JOB CATEGORY:

Apply Online

Job ID: EB-1401842496
Category: Technology
Location: Los Angeles, CA

Currently seeking a Lead Security Engineer. This is a lead operational role that requires both hands-on experience and the ability to lead a team effort. Lead Information Security Engineers may be called on to help manage a team effort together with E&IT teams and non-IT business units. The duties require the consistent exercise of independent judgment and discretion, ability to work with limited, if any, supervision regarding technical issues and the ability to coordinate technical efforts of a team to meet security project goals.

KEY RESPONSIBILITIES & DUTIES:

  • Provide a leadership role across Information Security and may supervise or lead the activities of others while building relationships and team morale.
  • Lead and design enterprise security programs, such as Network Security Monitoring, Incident Response Case Management, red-team exercises, and establish and maintain security frameworks, audit (or oversee 3rd party audits) of organizational structures.
  • Establishing testing protocols to identify and document potential security vulnerabilities of IT systems.
  • Solving complex problems involving enterprise security risks without supervision.
  • Assume the role of a key communications gateway to SaNE while collaborating on security aspects of joint projects with E&IT teams.
  • Designing, deploying, and administering enterprise email authentication and encryption solutions – such as PGP or S/MIME certificates.
  • Establish and implement project plans and schedules for conducting security vulnerability assessments of our enterprise systems.
  • Oversee or lead and help manage joint efforts by E&IT engineers to meet security project goals.
  • Managing internal and external, in-house or 3rd party, penetration testing of corporate systems.
  • Respond to (or if delegate, lead) the processes surrounding security events and incidents on a 24/7 basis if necessary.
  • Collect, analyze, and archive electronic and written records, digital media, notes, and other evidence.
  • Document the analysis of results and assist in providing security advisories for all users.
  • Identify and promote ways we can learn from security events and avoid repeat occurrences.
  • Developing and authoring information security policies and defining procedures to implement industry best practices.
  • Lead projects to identify security issues proactively through analysis of network traffic, software and hardware testing, log review and consultation with users.
  • Conduct or oversee forensic examinations of digital records, logs and other data.
  • Guidance and oversight of various corporate security systems.
  • Work with E&IT staff to analyze security related events to assist with escalation decisions.
  • Oversee and coordinate security monitoring and incident response for our production systems.
  • Coordinate with vendors and external security teams to address security issues for external IT services and systems.
  • Work with the E&IT Senior leadership team to construct and adhere to Information Security budgets.
  • Maintain a very high level of ethics and integrity.
  • Experience in public speaking and presentations to executives and community.
  • Other duties as assigned or requested.

REQUIRED KNOWLEDGE, SKILLS, AND ABILITIES (KSAS):

  • Subject Matter Expertise in all of the following areas:
  • Identity Management
    • Authentication and Authorization
    • User Behavior Analytics
  • Data Security
    • OS Security Hardening (Windows, Linux, MacOS, iOS)
    • Knowledge (or the capacity to quickly gain knowledge) of encryption theory and practice (e.g. TLS, HMAC, RSA, AES, PKI)
  • Network Security Monitoring
    • Log Management (SEIM)
    • IDS/IPS
    • Packet Capture Dissection
  • Web Application Security
    • Attack Techniques
    • Secure Coding Practices
    • Common Vulnerabilities and Mitigation
  • Vulnerability Detection and Management
    • Manual Attack / Defense Techniques
    • Automated Scanning
    • Passive Network Detection
  • Threat Modeling and Security Controls
    • DREAD
    • STRIDE
    • NIST CSF
  • Data Security/Privacy Practices
    • Anonymization methods
    • Tokenization methods
    • Masking methods

EDUCATION AND EXPERIENCE REQUIREMENTS:

  • Bachelor’s Degree required, Study in Computer Science, Information Technology, or a related field desired.
  • Minimum three (3) years of general IT experience.
  • Minimum of eight (8) years of Information Security experience.
  • Professional certifications in Information Security, such as SANS GIAC certs or similar.

BrainWorks is a premier executive search firm that delivers superior talent to drive business performance. Our consultants are experts in their practice areas, which include Information Technology; Consumer Products, CRM, Direct/Database Marketing and Customer Sciences/Advanced Analytics; Accounting and Finance; Private Equity and Portfolio Companies; Digital Marketing and eCommerce; and Consumer Insights and Market Research

Our Technology Practice has deep expertise understanding how technology executives drive business performance. We have placed mid to senior level talent including CIOs, CTOs, and leaders in Development, Infrastructure, Data Management and E-Commerce.

BrainWorks prides itself on quality, speed and GUARANTEED RESULTS, delivered through our unique QUASAR approach. When you partner with BrainWorks, your company will receive intelligence and industry expertise from consultants who are trustworthy, caring and passionate about your business needs. https://brainworksinc.com.

Apply Online
View All Jobs

Share this job