Cyber Security Engineer

The Cyber Security Engineer is responsible for safeguarding the confidentiality, integrity and availability of Follett’s computer systems, networks, and data. This individual plays a critical role in planning, designing, and implementing Follett’s information security framework, policies and technical controls, physical and virtual, both on-premise and in cloud environments. Drives the required testing, implementation, and ongoing operation of Cyber Security solutions by leveraging internal Follett resources as well as external partners. Develops and maintains policies, standards, and guidelines. Monitors systems and networks for abnormal behavior. Detects and responds to security incidents promptly. Conducts security assessments to evaluate existing measures and identify and remediate vulnerabilities. Maintains knowledge of trends and threats in information security, and identifies where additional tools, technologies, controls, policies and procedures are required to appropriately manage Follett risk. Evaluates and recommends security products, services and/or procedures to enhance productivity and effectiveness. Promotes security awareness.

Application and Cloud Security

• Develops and implements security controls for applications and infrastructure.
• Works with IT teams to devise and implement secure on-premise and cloud environments.
• Establishes and drives documented standards and guidelines for secure deployment of applications and infrastructure.
• Provides technical guidance on security best practices to network, infrastructure, and application development teams.

Security assessment & awareness

• Assesses Follett technical environments for security issues.
• Champions and drives Cyber Security training and awareness initiatives throughout the company.
• Educates associates on best practices.
• Shares knowledge and educates all team members on topics related to security techniques, best practices, and trends.

Cyber Security Operations

• Works closely with our 3rd-party security operations center (SOC). Oversees the relationship with the vendor, driving them to better detection capabilities.
• Drives the required testing, implementation, and ongoing operation of Cyber Security solutions by leveraging internal Follett resources as well as external partners.
• Prioritizes, plans, and drives improvements to reduce cyber risk.
• Researches, evaluates, designs, tests, recommends, and drives implementation of new or improved information security controls, tools, processes, software or devices.
• Maintains knowledge of potential and emerging information security threats, vulnerabilities, and control techniques and assists IT and business staff in understanding and responding.
• Responds to security incidents promptly. Consults with Cyber Security incident response teams when required as part of an in-progress incident.
• Identifies and advises management of critical issues that may affect Follett’s overall security profile.

Requirements

• Bachelor’s degree or equivalent - Computer Science, Engineering or related discipline OR demonstrated ability to meet the job requirements through a comparable number of years of applicable work experience.
• 4 +years related experience
• Strong written and oral communication skills and the ability to positively engage with the business community and IT management, staff and customers.
• 2 years related experience with cloud security architecture and design such as Azure, AWS and IBM
• Specific information security experience and CISSP required.

• Strong knowledge of security architecture for applications and infrastructure.
• NIST CSF framework experience desired.
• Ability to relate business requirements and risks to technology implementation for security-related issues.
• Knowledge of risk assessment procedures, policy formation, role-based authorization methodologies, authentication technologies and security attack pathologies.
• Technical proficiency in security-related hardware and software; ability to function as a consultant to other IT groups on security matters as a recognized technical expert.
• Self-driven, highly motivated with a strong customer focus. Strong analytical and problem-solving skills. Solid project management skills, especially in a cross-functional environment.
• Strong team-oriented interpersonal skills; ability to effectively interface with a wide variety of people.
• Previous experience working with third party providers.