Senior Cyber Security Engineer
The Global Security and Privacy (GSAP) team is responsible for developing, implementing, and administering Catalina’s global security and privacy compliance program. With security, risk and privacy concerns so prevalent, Catalina’s GSAP organization’s mission is to protect Catalina’s brand by identifying and reducing risk across the enterprise to improve levels of privacy, cybersecurity, and resilience. GSAP will identify risks, recommend solutions, and handle investigations, breaches, and incidents to ensure Catalina has a trusted and private environment that provides Catalina and Catalina clients the freedom to innovate, grow, pursue strategic goals, and to do business anywhere and anytime.
This position will report to the Manager Security Architecture/Engineering. The role is mainly focused to address Catalina cloud infrastructure and applications as well as support security functions. The successful candidate will join a team of highly qualified individuals who collaborate and support each other. The candidate will have the opportunity to grow their knowledge in security but in privacy as well.
- Work closely with enterprise architects to identify and mitigate risks, perform security reviews, design top tier security practices, and deliver strategic, innovative cloud based security offerings.
- Propose, design, plan and execute strategic and tactical operational security objectives.
- Perform deep analysis and develop metrics that measure current risk
- Develop metrics that effectively evaluate and manage threats
- Analyzing threats and current security controls to identify gaps in current defensive posture
- Build, test, and implement Cloud information security technologies, including infrastructure and supporting applications related to data protection, network security, and end-point security i.e. NSG’s, VPN’s
- Manage complex projects through both pre-production and implementation phases by collaborating with internal teams, infrastructure management, and business groups
- Under general supervision, be responsible for creating security solutions to prevent internal or external attacks or attempts to compromise Catalina’s email, data, cloud and web-based systems.
- Perform investigations and researches attempted or successful efforts to compromise systems security and designs countermeasures as necessary.
- Evaluate, configure, review/analyze, and support security tools (Qualys, Rapid7, Blackduck, Veracode,etc.)
- Conduct security assessments to identify risks and make recommendations to mitigate those risks
- Identify and make recommendations to configure and optimize server and desktop operating systems and enterprise patch management systems
- Implement controls and configurations aligned with security policies and legal, regulatory and audit requirements
- Participate in root cause analysis of critical events for improving preventative and reactive processes
- Work with other business areas to explain security concepts, make recommendations, and help drive security initiatives
- Support, and enhance security operation processes to include but not limited to
- Vulnerability Management
- Incident Response
- Privilege access
- Managed Security Service Processes
- Privileged Access
- Email, Web Browsing and other endpoint protections
- Cloud Access monitoring and enforcement
- Provide support as needed to assist Security Engineer and Security Analyst
- 5+ years of experience designing, administering, and/or maintaining the security of cloud environments such as MS Azure, AWS, and other offerings
- In-depth experience identifying and protecting against web application and web service security vulnerabilities including those found in the OWASP Top 10 and SANS Top 25
- Experience with cloud architecture and components including compute, storage, and networking as well as scripting experience (tools, process, methods, troubleshooting) and deployment concepts such as continuous integration
- Experience with Azure Key Vault, Azure Security Center, Azure Event Hub, and other Azure security offerings/principals
- Identity and Access Management principals, including B2B and B2C cloud design and implementation
- Strong understanding of security architecture and management
- Strong understanding of security best practices
- Securing network and enterprise cloud applications
- Experience with data security requirements in the cloud aligned with FISMA, CJIS, HIPAA, NIST, GDPR or other rigorous security compliance standards
- Self-motivated, well-organized, able to communicate and collaborate with teams of various competencies, and able to meet aggressive deadlines
- Ability to demonstrate several key security practices in access control, application security, network security, security architecture, and security strategy
- Implementation experience with enterprise security solutions such as WAF, IDS/IPS, Anti-DDOS, DLP, and SIEM, and NextGen FW.
- Network and web protocols and packet analysis tools
- Cyber risk analysis (threat assessments)
- Experience working with, and influencing, business leaders in promotion of consistent practices and policy
- Strong ability to communicate the importance of privacy by design as a business differentiator and core value, beyond legal compliance
- Bachelor’s or master’s in computer science or related field, depending on position level
- Cloud and security industry certifications such as AWS and Azure, CISSP, CCSP, and others as applicable
ADDITIONAL PREFERRED SKILLS
- Dev/Ops processes
- Agile Software development methodology
- Cloud application development experience
Catalina is a recognized leader in highly targeted, personalized digital media that drives, tracks and measures sales lift for leading CPG retailers and brands. Powered by the most extensive shopper database in the world, Catalina's mobile, online and in-store networks personalize the consumer's path to purchase, delivering $7.9 billion in relevant consumer value each year. Catalina has no higher priority than ensuring the privacy and security of the data entrusted to us and maintaining the consumer trust paramount to the continued success of our business partners and Catalina. Based in St. Petersburg, FL, Catalina has operations in the United States, Europe and Japan. To learn more, please visit www.catalina.com or follow us on Twitter @Catalina.
The intent of this job description is to describe the major duties and responsibilities performed by incumbents of this job. Incumbents may be required to perform other job-related tasks other than those specifically included in this description.
All duties and responsibilities are essential job functions and requirements and are subjected to possible modification to reasonably accommodate individuals with disabilities.
We are proud to be an EEO employer M/F/D/V. We maintain a drug-free workplace.