Security Engineer

The MSRB is looking for a committed and driven Information Security Engineer with a broad understanding and appreciation of multiple security domains, and deep expertise in at least one.

We expect our team members to demonstrate technical proficiency as well as strong communication and collaboration abilities. The Security Engineer will contribute directly to hands-on, operational processes and will be empowered to proactively drive change at the program and organizational level. Candidates should demonstrate knowledge and understanding of Information Security principles, frameworks, and concepts along with excellent communications skills and a desire to learn and grow.

The Information Security Engineer is responsible for securing the MSRB by supporting existing controls and processes and through leading efforts to continually improve security across multiple dimensions and domains, including MSRB Web Applications, Cloud environments, networks, SaaS platforms, and enterprise systems. The engineer will support operational security processes as a key escalation point and by directly triaging a portion of our security alerts, phishing reports, vulnerabilities, and end-user requests. We expect the Engineer to work effectively with internal stakeholders, including the information security team, MSRB leadership, developers, system, database, and network administrators, and with external vendors including Cloud Service Providers and Managed Security Providers.

The Engineer will be responsible for proactively improving security by identifying and implementing new tools and controls, enhancing existing controls, and monitoring the evolving threat environment to make informed recommendations and changes.

Essential Duties and Responsibilities:

1. Operational Oversight and Support:

• Serve as a key escalation point within the security team, providing guidance for effective resolution.
• Directly triage and respond to security alerts, phishing reports, and end-user requests on a regular basis.
• Identify and resolve issues in MSRB controls, systems, and applications.
• Lead and support maintenance and troubleshooting activities for the Information Security program.
• Lead and support vulnerability management processes, such as scanning, assessments, penetration testing, and remediation efforts.

2. Architectural Excellence and Resilience:

• Design and implement robust security measures, including for web applications, cloud infrastructure, and enterprise systems.
• Effectively identify and resolve issues in web applications using web application code security tools and by working proactively with developers.
• Identify and implement best practices to secure web applications against potential threats.
• Provide risk-based recommendations for improving new and existing architectures.
• Monitor for and ensure compliance with relevant regulations, standards, organizational policies, and best practices, including cloud standards and best practices.

3. Continuous Improvement and Attack Surface Reduction:

• Proactively monitor and understand the evolving threat environment and cybersecurity developments.
• Ensure that the MSRB adapts to the changing security landscape, making informed recommendations for adjustments to configurations, security controls, and technology platforms.
• Identify and implement new security tools and controls to enhance the organization's security posture.
• Build and improve custom detections in anti-malware and SIEM platforms.
• Automate controls and processes where possible.

4. Enterprise Security:

• Apply expertise in enterprise security, including networking and security measures for systems in physical offices, end-user laptops, conference room computers, etc.
• Identify configuration issues and improvement opportunities.
• Lead and assist defense-in-depth efforts.
• Review and improve security-related SaaS configurations.
• Lead Identity and Access Management efforts.

5. Collaboration, Coordination, and Incident Response:

• Lead incident response efforts, coordinating with cross-functional teams for swift and effective resolution.
• Improve the MSRB Incident Response plan and lead other efforts to improve readiness, including by supporting cybersecurity tabletop exercises.
• Regularly engage with key MSRB vendors, including the Managed Security Service Provider (MSSP).
• Monitor, understand, and adapt to the evolving threat environment and cybersecurity developments, making informed recommendations for adjustments to configurations, security controls, and technology platforms.

6. Security Policy and Processes:

• Develop and maintain comprehensive security policies and procedures.
• Design, document, implement, maintain, and report on security controls, processes, requirements, standards, and guidance.
• Monitor and ensure compliance with security policies and procedures across the organization.

7. Communication, Education, and Security Awareness:

• Assist with selection and management of security awareness courses, simulated phishing campaigns, and other routine education exercises.
• Conduct security awareness training sessions for employees.
• Communicate security policies and best practices to end-users, fostering a security-conscious culture.
• Evaluate emerging technologies and educate staff on associated risks and benefits.

Qualified candidates will possess seven years’ experience and expertise in enterprise security, including detection and detection engineering, incident response, Identity and Access Management (IAM), networking and endpoint security, is desirable. We welcome candidates with strong Cloud or application security backgrounds with a willingness to develop expertise in additional security specialties.

They will also have the following capabilities:

• Critical Thinking
• Good Judgment
• Initiative
• Collaborative Spirit
• Influence

We are proud to be a collaborative organization that values diversity, equity and inclusion. We offer comprehensive benefits that support our employees’ overall mental and physical health and wellness. We aim to empower our employees with the resources they need to achieve a successful work-life integration.

A resume must be attached for full consideration. All applicants must demonstrate their ability to work in the U.S. without current or future employer sponsorship. No exceptions will be made.