Cyber Security Engineer - PSI International
Somerset, NJ
About the Job
RCI-NYCERS-01172025 - Cyber Security Engineer - Brooklyn, NY
Requirement Number: RCI-NYCERS-01172025
Client: NYC Employees Retirement System
Job Title: Cyber Security Engineer
Location: 335 Adams St, Suite 2300 Brooklyn, NY 11201
Hours: THIS POSITION WILL ALLOW 40.00 - HOURS PER WEEK. PLEASE DO NOT ASSUME THAT OVERTIME WILL BE ALLOWED.
Duration: 12 Months
Job Description:
• The security engineer will be a hands-on security professional, responsible for ensuring security in the sdlc, implementation, and operational maintenance of Client information security controls and countermeasures
Scope of services:
• The Security Engineer will be a hands-on security professional, responsible for ensuring security in the SDLC, implementation, and operational maintenance of Client Information Security controls and countermeasures.
• The engineer will work closely with system integrators on best security practices and follow NIST/NYDFS framework to secure Client data when stored, processed, and exchanged through cloud platforms with other on-premise Client or third party systems.
• The Security Engineer will also review and assess the security design of technology upgrade projects and work with the Client Information Security team to recommend security controls and address challenges in timely manner
Mandatory Skills/Experience
Minimum 7 years of experience with system design and security engineering with experience implementing a wide range of solutions both in cloud and on-prem.
• Knowledge of security engineering to ensure security solutions development aligns with the defined architecture strategies
• Bachelors /Master's degree from an accredited college/university or equivalent work experience.
• Professional certifications in security, preferably in any two; CCSP, CISSP, CISA, Azure Solutions Architect Certification, Microsoft Azure Architect Certification & Microsoft Azure Architect Technologies
• Strong understanding of secure design and reviews, identity and access management
• Strong understanding of secure design and reviews, identity and access management protocols, Secure SDLC, OWASP, NIST.
Desirable skills/experience:
• Good knowledge of Identity Access Management (IAM), SAML, Federation, Privilege Access Management (PAM), and MFA technologies.
• Data Security (Cryptography and Encryption).
• Knowledge of advanced Auditing and Log Management.
• Security vulnerabilities scanning tools.
• Knowledge of Cloud Access Broker Services (CASB) and configuration based on best practices.
• Data Loss Prevention (DLP) tools and configuration based on best practices.
• User behavior monitoring.
• Data analysis of Network, Cloud, and Endpoint data.
• Centralized management of next generation firewalls and intrusion detection and prevention systems (IDS/IPS).
• Provide oversight and assess security controls for IaaS, PaaS, and SaaS services, while collaborating with system integrators and Client teams to deliver reliable and scalable security capabilities.
• Optimization of security tools and controls.
• Oversee and lead the implementation of all security solutions, develop technical, and reference architectures throughout the project duration.
• Perform as a subject matter expert on cloud technologies, build, and recommend security infrastructure from scratch and raise security risks in a timely manner.
• Develop security requirements for complex internet facing applications and associated infrastructure components.
• Responsible for assessing and reviewing end-to-end secure integrations including web services and APIs.
• Work closely with Client security team and third party system integrators on security engineering related issues and resolving the issues without affecting the overall project delivery timelines.
• Monitors information systems for security incidents and vulnerabilities; develops monitoring and visibility capabilities; reports on incidents, vulnerabilities, and trends.
• Analyzes trends, news, advisories, and changes in threat and conduct security assessments with risk mitigation plans.
• Review vulnerability management reports and follow-up with technical stakeholders on remediation efforts.
• Responds to information system security incidents, including investigation of, countermeasures to, and recovery from computer-based attacks, unauthorized access, and policy breaches; interacts and coordinates with incident responders.
Requirement Number: RCI-NYCERS-01172025
Client: NYC Employees Retirement System
Job Title: Cyber Security Engineer
Location: 335 Adams St, Suite 2300 Brooklyn, NY 11201
Hours: THIS POSITION WILL ALLOW 40.00 - HOURS PER WEEK. PLEASE DO NOT ASSUME THAT OVERTIME WILL BE ALLOWED.
Duration: 12 Months
Job Description:
• The security engineer will be a hands-on security professional, responsible for ensuring security in the sdlc, implementation, and operational maintenance of Client information security controls and countermeasures
Scope of services:
• The Security Engineer will be a hands-on security professional, responsible for ensuring security in the SDLC, implementation, and operational maintenance of Client Information Security controls and countermeasures.
• The engineer will work closely with system integrators on best security practices and follow NIST/NYDFS framework to secure Client data when stored, processed, and exchanged through cloud platforms with other on-premise Client or third party systems.
• The Security Engineer will also review and assess the security design of technology upgrade projects and work with the Client Information Security team to recommend security controls and address challenges in timely manner
Mandatory Skills/Experience
Minimum 7 years of experience with system design and security engineering with experience implementing a wide range of solutions both in cloud and on-prem.
• Knowledge of security engineering to ensure security solutions development aligns with the defined architecture strategies
• Bachelors /Master's degree from an accredited college/university or equivalent work experience.
• Professional certifications in security, preferably in any two; CCSP, CISSP, CISA, Azure Solutions Architect Certification, Microsoft Azure Architect Certification & Microsoft Azure Architect Technologies
• Strong understanding of secure design and reviews, identity and access management
• Strong understanding of secure design and reviews, identity and access management protocols, Secure SDLC, OWASP, NIST.
Desirable skills/experience:
• Good knowledge of Identity Access Management (IAM), SAML, Federation, Privilege Access Management (PAM), and MFA technologies.
• Data Security (Cryptography and Encryption).
• Knowledge of advanced Auditing and Log Management.
• Security vulnerabilities scanning tools.
• Knowledge of Cloud Access Broker Services (CASB) and configuration based on best practices.
• Data Loss Prevention (DLP) tools and configuration based on best practices.
• User behavior monitoring.
• Data analysis of Network, Cloud, and Endpoint data.
• Centralized management of next generation firewalls and intrusion detection and prevention systems (IDS/IPS).
• Provide oversight and assess security controls for IaaS, PaaS, and SaaS services, while collaborating with system integrators and Client teams to deliver reliable and scalable security capabilities.
• Optimization of security tools and controls.
• Oversee and lead the implementation of all security solutions, develop technical, and reference architectures throughout the project duration.
• Perform as a subject matter expert on cloud technologies, build, and recommend security infrastructure from scratch and raise security risks in a timely manner.
• Develop security requirements for complex internet facing applications and associated infrastructure components.
• Responsible for assessing and reviewing end-to-end secure integrations including web services and APIs.
• Work closely with Client security team and third party system integrators on security engineering related issues and resolving the issues without affecting the overall project delivery timelines.
• Monitors information systems for security incidents and vulnerabilities; develops monitoring and visibility capabilities; reports on incidents, vulnerabilities, and trends.
• Analyzes trends, news, advisories, and changes in threat and conduct security assessments with risk mitigation plans.
• Review vulnerability management reports and follow-up with technical stakeholders on remediation efforts.
• Responds to information system security incidents, including investigation of, countermeasures to, and recovery from computer-based attacks, unauthorized access, and policy breaches; interacts and coordinates with incident responders.
Source : PSI International