• Design and implement secure architecture for applications and infrastructure (onsite and in the cloud).
• Develop and maintain security policies, standards, and guidelines.
• Work with enterprise systems team to develop and implement code scanning into the CI/CD pipelines.
• Implement vulnerability security testing tools and frameworks.
• Conduct threat modeling and risk assessments.
• Assist in assessing readiness and in passing compliance audits for applicable data protection laws and regulations (i.e., PCI, DSS)
• Assess gaps in security practices and propose appropriate solutions.
• Collaborate with development, operations, and IT teams to promote security best practices, including service level agreements, availability, continuity, system security, documentation, technology adoption, and planning.
• Advocate for security within the organization.
• Participate in the preparation and execution of cyber security incident response plans, exercises, and events.
• Assist in preparing and exercising resilience, incident response, business continuity, and disaster recovery plans.
• Support Security Awareness Program.
• Manage annual third-party penetration testing and findings to remediation.
• Build and participate in a third-party risk management program.
• Perform vendor and partner risk assessments.
• Perform security audits on applications and infrastructure.
• Perform other security projects as needed.
• Stay updated with the latest security trends, threats, and technologies.

Qualifications

Basic Qualifications:

• Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or related field.
• Minimum of 10 years as a security engineer or similar role.
• Strong understanding of network security, cryptography, and secure coding practices.
• Experience with security protocols and technologies, including SSL/TLS, VPNs, and multi-factor authentication (MFA).
• Relevant security certifications (CISSP, CEH, OSCP).
• Exposure in scripting languages (e.g., Python, Bash) for automation and security tool integration.
• In-depth knowledge of security best practices and frameworks (e.g., OWASP, NIST).
• Experience with Azure cloud security or similar cloud platforms.
• Familiarity with security tools and technologies, such as firewalls, IDS/IPS, SIEM, and antivirus software/EDR.
• Excellent problem-solving and analytical skills.
• Effective communication and people skil