Cyber Security Engineer

About The Position

Requirements

• Strong knowledge of cybersecurity principles, frameworks, and best practices (e.g., NIST, ISO 27001, CIS Controls, MITRE ATT&CK).
• Knowledge of network protocols, services, and architecture including TCP/IP, DNS, DHCP, HTTP/S, SSL/TLS, VPN, routing/switching, firewalls, intrusion detection/prevention systems, endpoint protection platforms, and overall network security design.
• Knowledge of operating system architecture and security for Windows, Windows Server, Linux distributions, and macOS.
• Knowledge of identity and access management technologies including Active Directory and Microsoft Entra, authentication mechanisms, Group Policy, conditional access, certificate services, directory administration, and privileged access management concepts.
• Knowledge of penetration testing methodologies, offensive security techniques, common attack vectors, exploit frameworks, and vulnerability assessment practices.
• Knowledge of digital forensics and incident response (DFIR) processes and tools.
• Knowledge of email security, phishing mitigation, threat intelligence platforms (e.g., Proofpoint), application whitelisting, and zero-trust security models.
• Knowledge of third-party risk management, vendor security assessment tools, ITSM platforms, and security workflow integration.
• Knowledge of AI and machine learning applications in cybersecurity, including automated threat detection and response.
• Skill in scripting and automation using PowerShell, with working proficiency in additional scripting languages such as Python, Bash, or similar.
• Skill in penetration testing, vulnerability scanning, and red team/blue team exercises.
• Skill in digital forensics analysis, including log analysis, memory forensics, and disk imaging.
• Skill in administering and hardening Linux-based servers and services.
• Skill in configuring and troubleshooting Active Directory and Microsoft Entra environments, including hybrid identity configurations.
• Skill in analyzing security logs, network traffic captures, and SIEM alerts to identify indicators of compromise.
• Strong analytical, problem-solving, and risk assessment skills in time-sensitive environments.
• Ability to respond effectively to active security incidents, including off-hours situations, while exercising sound judgment under pressure.
• Ability to conduct root cause analysis and translate technical findings into actionable remediation plans.
• Ability to communicate complex cybersecurity concepts and technical findings to both technical and non-technical audiences, including clients.
• Ability to prioritize competing demands and manage multiple concurrent security initiatives or projects.
• Ability to work independently with minimal supervision while collaborating effectively with cross-functional teams.
• Ability to maintain strict confidentiality of sensitive security information, client data, and proprietary systems.
• Valid driver’s license.
• High school diploma or equivalent.
• Experience with security incident response and digital forensics, Active Directory admin and/or Microsoft Entra environments, at least one scripting language (PowerShell required).

Nice To Haves

• Demonstrated proficiency through industry-recognized platforms, capture-the-flag (CTF) competitions, or equivalent hands-on cybersecurity experience may be considered in lieu of formal education.
• Experience with cloud security Azure and AWS, AI-driven security tools and automation.

Responsibilities

• Administer, configure, and maintain the organization’s security technology stack, including identity and access management systems such as Active Directory and Microsoft Entra, ensuring proper authentication, authorization, and policy enforcement.
• Implement, tune, and optimize security tools and technologies to strengthen the organization’s security posture, including evaluating and integrating AI-driven security solutions and automation to enhance threat detection and response.
• Monitor networks, endpoints, and systems using security monitoring platforms and SIEM tools to detect breaches, intrusions, and anomalous activity.
• Analyze network traffic, security logs, and alerts to identify, investigate, and respond to potential threats and vulnerabilities.
• Develop, maintain, and execute incident response plans, conduct digital forensics and incident response (DFIR) investigations to determine root cause, scope of compromise, and impact.
• Coordinate with clients and internal teams to contain, remediate, and recover from security incidents while minimizing data loss and operational disruption.
• Conduct vulnerability assessments, penetration testing, and risk analyses across networks, systems, and applications, prioritizing remediation based on risk and business impact.
• Ensure systems and networks comply with applicable industry regulations and security frameworks (e.g., NIST, ISO 27001, CIS) through security audits, assessments, and policy enforcement.
• Develop, maintain, and update security and compliance documentation, including policies, procedures, and incident reports.
• Stay informed of emerging threats, vulnerabilities, and cybersecurity trends to proactively identify risks and recommend security improvements through training and professional development opportunities.
• Participate in client meetings and presentations to discuss security assessments, incident findings, and risk mitigation strategies.
• Provide technical guidance and recommendations to clients and internal teams on security best practices and emerging threats.
• Performs other duties as assigned by management.