Senior Security Engineer
New Haven, Connecticut, United States of America
Full Time
1 hour ago
No Visa Sponsorship
Key skills
AWSCloudFirewallsPythonSplunkBashPowerShellActive DirectoryLeadershipRisk ManagementCommunicationPenetration TestingNetwork Security
About this role
Role Overview
- Assess and mitigate security risks across QCI’s on-premises and AWS environments, including securing in-house applications hosted on AWS.
- Develop, implement, and maintain security policies, procedures, and best practices to safeguard systems, data, and QCI’s quantum computing platform.
- Evaluate and enhance network security by auditing network devices and security appliances (e.g., SonicWall, Cisco, Juniper), identifying vulnerabilities, and recommending configurations. Collaborate with network engineers for implementation.
- Monitor and respond to security threats and incidents by developing and executing a comprehensive incident response plan to detect, communicate, contain, and remediate security breaches effectively.
- Perform regular security audits, risk assessments, and vulnerability scans, including reviews of Windows environments, Active Directory, and GPO configurations.
- Lead and coordinate penetration testing initiatives, conducting internal assessments to identify vulnerabilities and working with third-party security firms for comprehensive evaluations.
- Automate security tasks such as monitoring, alerting, and compliance checks using scripting languages (e.g., Python, Bash).
- Raise security awareness by establishing a training program, including phishing campaigns and regular employee education to promote best practices.
- Collaborate with leadership to report on security status, vulnerabilities, and improvement plans, ensuring proactive risk management. firms to conduct comprehensive evaluations.
- Ensure compliance with third-party vendor security policies by designing and implementing security measures for systems handling external data.
- Oversee secure data handling and retention processes, including encryption, retention, deletion, and forensic destruction in alignment with industry standards such as NIST guidelines.
- Regularly review access logs for potential security threats and unauthorized access, providing detailed reports as required by external audits or risk assessments.
Requirements
- 5+ years of experience in security engineering, with a focus on both cloud (AWS) and on-premises environments.
- Deep understanding of security concepts, including network security, encryption, identity and access management, and compliance standards (e.g., ISO, NIST, PCI-DSS).
- Familiarity with NIST standards for secure data handling and destruction (e.g., NIST SP 800-88).
- Experience with security tools for vulnerability scanning, incident detection, and monitoring (e.g., Black Duck, Nessus, Splunk, AWS Security Hub).
- Hands-on experience managing and securing network devices such as firewalls, routers, and switches (e.g., SonicWall, Cisco, Juniper).
- Strong scripting skills (Python, Bash, PowerShell) for automation of security tasks.
- Knowledge of Windows environments (Active Directory, GPOs) and securing Windows-based systems.
- Excellent communication skills, with the ability to convey complex security concepts to both technical and non-technical stakeholders.
- Self-motivated and able to take ownership of projects, driving them to completion.
Tech Stack
- AWS
- Cloud
- Firewalls
- Python
- Splunk
Benefits
- Sponsorship is available for qualified candidates.