Cybersecurity Engineer

We are looking for a Cybersecurity Engineer to join our Corporate IT Team in NYC!

ROLE AND RESPONSIBILITIES:

The Cybersecurity Engineer is a hands-on technical role responsible for implementing, maintaining, and optimizing security controls across our hybrid infrastructure environment serves as a subject matter expert in designing, implementing, and administering our comprehensive security technology stack. This role combines deep technical expertise in cybersecurity tools with hands-on system administration skills to support our self-hosted, on-premises security infrastructure. The ideal candidate combines infrastructure knowledge with a strong understanding of security operations, compliance requirements, technical implementation and testing and assessing risk.  They will be capable of supporting our security toolset including CyberArk, Splunk, OKTA, Tenable, SOAR platforms, and other security analytics solutions.

Responsibilities:

Vulnerability & Threat Management

• Conduct vulnerability assessments across containerized and traditional infrastructure
• Perform ethical hacking and penetration testing to identify security weaknesses on our applications periodically and at times of new releases.
  • Candidates should have a CEH and be familiar with Nmap, Wireshark, Metasploit, Hydra and Burp to name a few.
• Lead remediation efforts and track vulnerability lifecycle management
• Analyze security alerts and incidents, performing root cause analysis
• Contribute to threat hunting activities and security monitoring

Security Platform Architecture support and administration

• Administer and optimize enterprise security tools including SIEM, EDR, vulnerability scanners, and container security platforms
• Manage security aspects of VMware infrastructure, storage systems, and network segmentation
• Configure and maintain authentication systems (SAML, RADIUS) and identity management platforms such as OKTA.

Security Tools Administration & Management

CyberArk Privileged Access Management

• Administer CyberArk PAS (Privileged Access Security) including Vault, CPM, PSM, and PVWA components
• Configure privileged account onboarding, password management policies, and access workflows
• Implement CyberArk integrations with Active Directory, applications, and infrastructure systems
• Manage CyberArk clustering, disaster recovery, and high availability configurations
• Troubleshoot CyberArk performance issues and optimize system configurations

Splunk Enterprise & Security Operations

• Administer Splunk Enterprise infrastructure including indexers, search heads, and forwarders
• Configure and maintain Splunk Enterprise Security (ES) for security monitoring and incident detection
• Develop custom Splunk searches, dashboards, and alerts for security use cases
• Manage Splunk data models, knowledge objects, and correlation rules
• Optimize Splunk performance, storage management, and cluster operations

Vulnerability Management & Security Testing

• Administer Tenable Security Center and Nessus scanning infrastructure
• Configure vulnerability scanning policies, schedules, and remediation workflows
• Integrate vulnerability data with other security tools and ticketing systems
• Develop custom vulnerability reporting and metrics dashboards
• Coordinate vulnerability assessment activities and penetration testing support

Security Orchestration & Response (SOAR)

• Implement and maintain SOAR platforms for security automation
• Develop automated playbooks for incident response, threat hunting, and remediation activities
• Create custom integrations between the SOAR platform and existing security tools
• Design automated workflows for security alert triage and response coordination
• Maintain SOAR platform performance and troubleshoot automation issues

System Administration & Infrastructure

• Test disaster recovery, and business continuity procedures for security systems

Security Operations Support

• Provide Level 2/3 technical support for security incidents and tool-related issues
• Participate in incident response activities and forensic investigations
• Develop and maintain security procedures and troubleshooting guides
• Support 24/7 security operations center (SOC) activities and on-call rotation
• Collaborate with security analysts to optimize detection rules and reduce false positives

Compliance & Governance

• Support compliance initiatives including SOC 2, PCI DSS, NIST SP 800-53 and regulatory audits
• Maintain security tool documentation, configurations, and change management procedures
• Implement logging and audit trail requirements for compliance frameworks
• Develop security metrics and KPI reporting for management and auditors
• Ensure security tools meet data retention and privacy requirements

Cross-functional Collaboration

• • Partner with IT infrastructure teams on security tool deployment and maintenance
  • Collaborate with application development teams on security tool integrations
  • Work with network teams to implement security monitoring and traffic analysis
  • Support risk management activities with technical security assessments
  • Provide security expertise for project planning and technology implementations

Desired Qualifications:

• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or equivalent experience
• Relevant certifications preferred: CCSP, CISSP, GCIH, GCFA, Security+, CySA+, GSEC, or equivalent
• Vendor-specific certifications: CyberArk Defender/Sentry, Splunk Certified Admin/Architect, Tenable Certified Security Practitioner

Technical Skills - Core Platform:

Security Tools Proficiency (3+ years each)

• CyberArk: Deep experience with PAS components, policy configuration, and enterprise deployment
• Splunk: Advanced administration of Splunk Enterprise and Enterprise Security, including clustering and performance optimization
• Tenable: Comprehensive vulnerability management experience with Security Center, Nessus, and enterprise scanning
• SOAR Platforms: Hands-on experience with security orchestration tools (Phantom, Demisto, IBM Resilient, or similar)

System Administration (5+ years combined)

• Advanced Linux administration (RHEL, CentOS, Ubuntu) including shell scripting and automation
• Windows Server administration including PowerShell scripting and Active Directory integration
• Network security concepts and implementation (firewalls, IDS/IPS, network segmentation)

Security Specializations

• Enterprise PKI and certificate management
• Log aggregation, analysis, and correlation techniques
• Incident response procedures and forensic analysis
• Threat intelligence integration and threat hunting methodologies
• Security automation and orchestration best practices

Professional Experience

• 4+ years of cybersecurity experience with focus on enterprise security tools
• 4+ years of hands-on system administration in enterprise environments
• Experience with self-hosted, on-premises security infrastructure
• Proven track record of security tool implementations and migrations
• Experience participating in and supporting compliance audits and regulatory requirements

Additional Skills

• Strong scripting abilities (Python, Bash, PowerShell) for automation and integration
• Experience with API integration and custom security tool development
• Knowledge of cloud security platforms (AWS Security Hub, Azure Security Center) preferred
• Understanding of DevSecOps practices and CI/CD pipeline security
• Excellent troubleshooting and analytical problem-solving skills
• Strong documentation and technical writing capabilities

Key Competencies

• Technical Leadership: Ability to serve as subject matter expert across various Security tool sets.
• Problem-Solving: Advanced analytical skills for complex security tool issues and integrations
• Communication: Ability to explain technical concepts to both technical and non-technical stakeholders
• Project Management: Experience leading security tool implementations and upgrades
• Continuous Learning: Commitment to staying current with emerging security technologies and threats

Preferred Qualifications

• Degree in Cybersecurity or related field
• Experience in regulated industries (government)
• Advanced certifications: CISSP, SABSA, TOGAF, or specialized vendor certifications
• Experience with additional security tools: QRadar, Rapid7, Carbon Black, CrowdStrike
• Background in security architecture and enterprise security frameworks

Working Conditions

• Hybrid work environment with flexibility for remote work when required.
• Participation in on-call rotation for security incidents (typically 1 week per month)
• Occasional travel for training, conferences, or vendor meetings (10-15%)
• Some after-hours maintenance windows for security system updates
• Collaborative environment with cross-functional team interaction

Reporting Structure

Reports to: CISO/VP of IT Security or team lead.  Collaborates with: SOC analysts, IT infrastructure teams, Compliance, Risk Management, and Development teams

Note: All certifications should be current and maintained for the relevant ServiceNow platform version.

*The salary reflected is a good faith estimate of base pay for the primary location of the position. Our compensation reflects the cost of labor across several U.S. geographic markets, and we pay differently based on those defined markets. The U.S. pay for this position is $115,000 annually. Pay will vary by work location and may also depend on job -related knowledge, skills, experience and abilities of the successful candidate. Your recruiter can share more about the specific salary range for the job location during the hiring process.

Keywords: #NYC #NewYorkCity #Manhatten, #Cybersecurity, Cybersecurity, CISSP, #CISSP, SecurityTools ,#SecurityTools, SIEM, #SIEM, #InfrastructureEnvirnonments, #CyberArk, CyberArk, #Splunk, Splunk, OKTA, #OKTA, Tenable, #Tenable, #SOARPlatforms, SOARPlatforms, #Telecom, Telecom, #Troubleshoot, #Engineering