Senior Security Engineer – IT

Security EngineerSecurity EngineerFull TimeRemoteTeam 10,001+Since 1994H1B No SponsorCompany Site LinkedIn

Location

Colorado

Posted

54 days ago

Salary

$85K - $135K / year

Bachelor Degree10 yrs expEnglishCloudCyber SecurityGoogle Cloud Platform

Job Description

• Develops and manages security for more than one IT functional area (e.g., data, systems, network and/or Web) across the enterprise. • Lead ensuring Cloud Security Firewall requests, Gitlab merge requests, GCP group access requests, and DaVita Temporary Privilege Escalation Tool requests are tracked, worked, and addressed. • Develop and publish Information Security policies, procedures, standards and guidelines based on knowledge of best practices and compliance requirements. • Prepares status reports on security matters to develop security risk analysis scenarios and response procedures. • Provide weekly, bi-weekly and monthly status updates on various cloud security projects including Wiz vulnerability and misconfiguration management, the Cloud Governance effort of implementing security checks in the CI/CD pipeline, as well as log ingestion and custom alerting in Cysiv. • Responsible for the tracking and monitoring of IT security incidents through remediation. • Jira ticket tracking and communicating with other teams regarding security issues through remediation. • Develop technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks. • Enforces security policies and procedures by administering and monitoring security profiles, reviews security violation reports and investigates possible security exceptions, updates, and maintains and documents security controls. • Review policies and create custom controls in our CSPM to cover a variety of security frameworks. • Document Cloud Security practices & procedures in Confluence and Administer the Cloud Security DevOps Jira project. • Provide direct support to the business and IT staff for security related issues. • Serves as a cloud security point of contact for other teams. Represents the security needs of the organization by providing expertise and assistance in all IT projects with regard to security issues.

Job Requirements

BA or BS in Computer Science, Management Information Systems, or related field
6 to 8 years delivering information security infrastructure support and related services with a minimum of 10 years IT experience
5 years of IT experience ranging from cloud security engineering to big data platform engineering for a SIEM/SOAR solution, to cybersecurity consulting assisting with the creation of SOC runbooks and playbooks, as well as standing up an ELK stack
Demonstrated experience in computer security combined with risk analysis, audit, and compliance objectives
Align tuning of CSPM controls and issue remediation program to the CIS benchmarks, including CIS GCP v3.0.0 and CIS GKE v1.5.0.
Adjust severity of controls as needed, following risk analysis.
DDPE experience with a focus on maintenance and upgrade support
Experience with other full disk encryption solutions, such as Microsoft BitLocker both with encrypting and decrypting disks including with supporting in disk recovery.
Expert knowledge enterprise firewall technologies required
Strong knowledge of DLP
Strong knowledge of data loss prevention concepts and methodologies, as well as practical experience configuring the GCP Cloud Data Loss Prevention (DLP) API.
Working knowledge of IPS/IDS Configuration
Good familiarity with configuring and tuning IDS solutions.
Experience with incidence response within a team setting
Experience in validating true positives from Wiz Threat Detections and Cysiv alerts and working with the IR team on remediating, assisted with the creation of SOC runbooks and playbooks, helped lead the Cloud Security.
Strong experience with Vulnerability Management Scanning and remediation support.
Wiz remediation program, as well as helping to troubleshoot on-prem Kenna/Tenable vulnerability scanning system.
Experience with SIEM including adding data source, infrastructure maintenance/ upgrade and software update support
Responsible for managing and providing updates for integrating logs from F5 Distributed Cloud and Wiz into Cysiv. Also responsible for creating custom alerting off those logs, ensuring we are notified of any log stoppages, assisting with technical issues, and working with other teams for actioning on incidents.
Working knowledge of privileged account management within a large enterprise environment.
Security reviews, testing, and operating DaVita’s in-house Temporary Privilege Escalation tool, as well as consistently review and provide feedback on GitLab merge requests created by other IT Teammates related to assigning privileges to users, groups, and service accounts.

Benefits

Comprehensive benefits: Medical, dental, vision, 401(k) match, paid time off, PTO cash out
Support for you and your family: Family resources, EAP counseling sessions, access Headspace ® , backup child and elder care, maternity/paternity leave and more
Professional development programs: DaVita offers a variety of programs to help strong performers grow within their career and also offers on-demand virtual leadership and development courses through DaVita’s online training platform StarLearning.