Sr Staff Security Engineer

Sr Staff Security Engineer

The Sr Staff Security Engineer will focus on the application of engineering principles to the design, implementation, and maintenance of security measures to protect an organization's information systems and data. These roles involve assessing vulnerabilities, developing security protocols, security monitoring and incident response, security development lifecycle activities, enterprise identity governance and administration, platform deployment and management and deploying technologies to safeguard against cyber threats, ensuring the integrity, confidentiality, and availability of information assets.

The Sr Staff Security Engineer plays a critical role in designing and implementing security solutions across the enterprise. This position is an advanced level role requiring an expert understanding of security engineering and software development practices to lead security initiatives, ensuring secure architecture for workloads, and implementing industry best practices.

The Sr Staff Security Engineer will collaborate with internal teams to protect the organization's technology environments and respond to emerging threats, vulnerabilities, and compliance requirements. This role is highly collaborative and may include leading teams or mentoring more junior security engineers or external teams in key security concepts. This role will make important product and design decisions and provide technical and professional leadership for the team members who directly or indirectly report to them.

Job Will Remain Open Until Filled

The Company is one of North America's leading sales and marketing agencies specializing in outsourced sales, merchandising, category management, and marketing services to manufacturers, suppliers, and producers of food products and consumer packaged goods. The Company services a variety of trade channels including grocery, mass merchandise, specialty, convenience, drug, dollar, club, hardware, consumer electronics, and home centers. We bridge the gap between manufacturers and retailers, providing consumers access to the best products available in the marketplace today.

Responsibilities

Demonstrates success leading medium-large-scale projects that potentially have an exceptional impact on the long-term growth of the company throughout the entire lifecycle: solution architecture, engineering design, development, testing, production, and subsequent fixes and improvements.
• Provides technical security guidance to IT leadership and makes wide-scale architectural and design decisions to ensure compliance with security policies, guidelines, standards, controls, and governance. Estimates, assesses, and manages project timelines, security risks, and supports escalated on-call requests. Represents security as a SME to advise teams on recommended best security practices and help identify security gaps.
• Reviews and designs mission critical security platforms to ensure code and requirements are clear, concise, tested, and easily understood by others as well as meets security standards, architectural principles, and NFRs.
• Support the Cyber Defense team by responding to security incidents, performing in-depth investigations and forensic analysis. Coordinate with other security teams, IT, HR, communications, and legal teams to address incidents.
• Mastered understanding of all components of key features and architecture for multiple products in the cybersecurity portfolio with a high-level understanding of several additional products, integrations, and capabilities.
• Continuous Improvement and Training--conducts technical research to contribute to setting security direction and strategy. Lead internal cybersecurity training initiatives for staff across the organization.

Supervisory Responsibilities

Direct Reports: This position does not have supervisory responsibilities for direct reports

Indirect Reports: Does not have direct reports, but may delegate work of others and provide guidance, direction and mentoring to indirect reports

Minimum Qualifications

Education Level:

Required: Bachelor's degree

Experience Requirements:

8+ years of experience supporting 4 of the following domains: Security and Risk Management; Asset Security; Security Architecture and Engineering; Communication & Network Security; Identity and Access Management; Security Assessment and Testing;

Cyber Defense (including computer forensics, cyber response, threat analysis & intelligence); Software Development Security.

Familiarity with at least 2 of the following frameworks: MITRE ATT&CK; MITRE D3FEND; NIST CSF; NIST RMF; ISO 27001; FISMA; COBIT; HITRUST

Environmental & Physical Requirements

Office / Sedentary Requirements: Incumbent must be able to perform the essential functions of the job. Work is performed primarily in an office environment. Typically, requires the ability to sit for extended periods of time (66%+ each day), ability to hear telephone, ability to enter data on a computer and may require the ability to lift up to 10lbs.

Knowledge, Skills, and Abilities

• Expert knowledge of securing cloud platforms such as AWS, Microsoft Azure, or Google Cloud Platform (GCP). Advanced knowledge of cloud-native security services (e.g., AWS Shield, Azure Security Center, GCP Security Command Center).
• Expert knowledge of compliance standards such as ISO 27001, NIST, CIS, GDPR, and SOC2, and experience implementing governance policies in Azure
• Expert knowledge of security architecture principles and best practices, particularly in network defense, endpoint security, and cloud security.
• Expert knowledge of cloud security services and tools like IAM (Identity and Access Management), encryption, network security, firewalls, and logging/monitoring solutions specific to cloud platforms.
• A recognized authority in cloud security automation, develops comprehensive automation strategies, establishes scalable solutions, and shapes the organization's automation roadmap to proactively address emerging threats.
• Expert knowledge of security architecture principles and best practices, particularly in network defense, endpoint security, and cloud security.
• Expert knowledge of firewalls, intrusion detection/prevention systems (IDS/IPS), and endpoint protection solutions.
• A recognized authority on aligning cybersecurity strategies with complex regulatory frameworks, leads the creation of compliance-focused strategies, anticipates regulatory changes, and ensures continuous audit readiness and adherence to high standards.
• Expert knowledge of cloud network security (VPCs, security groups, VPNs) and encryption methodologies (KMS, HSM, TLS, etc.).
• Expert knowledge of Microsoft Azure services, including Azure AD, Azure Security Center, Azure Sentinel, Azure Policy, Azure Networking, Azure Key Vault, and Azure Firewall.
• Expert knowledge of Azure Security Benchmark (ASB) and Microsoft's Cloud Adoption Framework (CAF) for Azure.
• Expert knowledge of Azure Virtual Network (VNet), NSGs, VPNs, and encryption techniques using Azure Key Vault
• Expert knowledge of using Azure-native security tools such as Azure Monitor, Azure Log Analytics, Azure Defender, and Azure Application Gateway.
• Capable of representing the Security team as a subject matter expert on cross-functional teams and leading security initiatives within a collaborative environment.
• Excellent communication skills, with the ability to represent the security team and act as subject matter leader within project teams or within ADV
• Ability to think critically and make risk-based decisions in high-pressure environments.
• Experienced in leading strategic vendor security assessments, defining best practices for continuous monitoring, and crafting comprehensive contractual
• security requirements alongside advanced monitoring frameworks.
• Able to predict and proactively mitigate complex security threats through advanced data analysis techniques and develop strategies for continuous improvement in risk assessment and security operations across the organization.
• Highly adaptable in anticipating complex threats, shaping strategic risk management approaches, and leading the development of resilient, adaptive threat response measures for the evolving landscape.
• Expert understanding of Privilege Management, Application Control, Antivirus, Endpoint Detection and Response, File Integrity Monitoring, Intrusion Detection/Prevention Systems, logging/monitoring, and other commonly implemented enterprise security technologies are a must.
• Expert knowledge of network protocols such as TCP/IP, DNS, HTTP/HTTPS, BGP, OSPF, and SNMP
• Strong leadership skills, with experience mentoring junior engineers, driving security initiatives in a collaborative, cross-functional environment, and delivering constructive feedback while providing career development guidance to foster growth within the team.

Additional Information Regarding Job Duties and Job Descriptions

Job duties include additional responsibilities as assigned by one's supervisor or other manager related to the position/department. This job description is meant to describe the general nature and level of work being performed; it is not intended to be construed as an exhaustive list of all responsibilities, duties, and skills required for the position. The Company reserves the right at any time with or without notice to alter or change job responsibilities, reassign or transfer job positions, or assign additional job responsibilities, subject to applicable law. The Company shall provide reasonable accommodations of known disabilities to enable a qualified applicant or employee to apply for employment, perform the essential functions of the job, or enjoy the benefits and privileges of employment as required by the law.

The above statements are intended to describe the general nature and level of work being performed by people assigned to this position. They are not intended to be an exhaustive list of all responsibilities, duties, and skills required of associates so classified.

The Company is committed to providing equal opportunity in all employment practices without regard to age, race, color, national origin, sex, sexual orientation, religion, physical or mental disability, or any other category protected by law. As part of this commitment, the Company shall provide reasonable accommodations of known disabilities to enable an applicant or employee to apply for employment, perform the essential functions of the job, or enjoy the benefits and privileges of employment as required by law.