Address
Form of work
SalarySenior Security Engineer
Wilmington, DE or Remote
Monday - Friday
CSC is looking for a Security Engineer (SE) to join our team and help build an Engineering discipline with a focus on guiding the development and implementation of company-wide security controls within our technology platforms. These platforms will help enable our significant programs and transform CSC by organizing and optimizing Enterprise Technology (ET) services to serve our business partners.
The SE will be responsible for the establishment and maintenance of a defense in depth engineering discipline across ET using a cross-functional approach, leveraging subject matter expertise from the areas of architecture, engineering, ET, and Business Unit (BU) application portfolio teams.
Leadership: The SE will establish and maintain the overall approach to defense in depth engineering. The SE will build and leverage a cross-functional team to establish, execute, and govern Security Engineering standards and best practices.
The SE develops, implements, and maintains defense in depth engineering standards and policies. The SE also acts as a mentor to key development personnel, assisting in the execution of duties upon request, and readying these key personnel for the occupation of this position.
Strategy: The SE develops and implements engineering strategies meant for the development of technology tools and processes required to drive defense in depth controls for current and future technical platforms.
The SE will also facilitate and perform evaluations to ensure critical system security controls are implemented.
The SE also develops a strategy to help system engineering discipline develop and mature.
Collaboration: The SE plays a highly collaborative role where they work closely with Enterprise Security and Enterprise Architecture team members in defining long-term strategies and roadmaps as well as with ET & BU Engineering leads to establish security in depth engineering standards and best practices.
- Work with Enterprise Security to understand assets, risks, and necessary controls in depth.
- Work with Architecture to influence strategy and roadmaps.
- Work with ET and BU technology leads to establish and maintain defense in depth across functional teams.
- Work with the cross-functional team to create, execute and govern security in depth standards and best practices.
- Collaborates in the design of the technical platform and systems as required. Collaborates in the selection, acquisition, and adoption of new technologies as required.
Knowledge: Successful candidates will have a rich technical and business background in cybersecurity architecture and the ability to effectively communicate technical and business risk to appropriate audiences. This role works alongside our engineers to develop and mature expertise in the development and implementation of cybersecurity controls to mitigate risk and strengthen our security posture.
Some of the things you will be doing:
- Guide engineers in the development and implementation of security controls.
- Provide technical leadership and guidance in support of security controls.
- Assist in defining and implementing security architectures, in compliance with established control frameworks, and standards that align with business objectives and support the overall security posture of the organization.
- Support product security architecture activities and drive architecture standardization across products and environments.
- Design, own, and assist with implementation of the risk-driven enterprise security architectures supporting critical business initiatives.
- Drive and further mature the definition and maintenance of the end-to-end architecture for security domains in partnership with established capability owners.
- Align enterprise security principals, standards, and guidelines to enterprise security architecture framework.
- Support implementation of Defense in Depth and Zero Trust Architectural principles.
- Guide Security Engineering in the selection and architectural design of new security solutions, including network, application, and data security.
- Review, update, and approve architecture designs from other areas of the business to ensure they meet necessary security requirements.
- Ensure that security capabilities and controls are in place to protect against potential threats.
- Stay up-to-date with the latest security technologies, trends, and threats, and recommend appropriate security measures.
- Support ongoing threat assessments to identify vulnerabilities and recommend appropriate security measures.
- Participate in incident response activities, including investigations, analysis, and recovery efforts.
- Promote security awareness training and guidance to internal teams and stakeholders.
- Guide development of third-party vendor security practice assessment and evaluation criteria and ensure compliance with company standards.
What technical skills, experience, and qualifications do you need?
- Highly self-motivated and directed.
- Ability to translate broader business initiatives into clear team objectives and concrete individual goals, aligning appropriately with other groups for efficient, coordinated action.
- Ability to work collaboratively across organizational lines.
- Excellent analytical and creative problem-solving skills.
- Ability to coach and mentor technical skills, method, and critical thinking.
- Excellent listening, interpersonal, written, and oral communication skills.
- Value-based & Principle-based decision making.
- Ability to exercise independent judgment and act on it.
- Logical and efficient, with keen attention to detail.
- Excellent communication and execution of IT strategies.
- Strong understanding of network design, client/server architecture and cloud security across multiple cloud providers.
- Experience with threat modeling and product security architecture.
- Excellent communication and interpersonal skills, with the ability to build strong relationships with stakeholders and work collaboratively across teams.
- Strong problem-solving skills and the ability to think creatively to develop innovative solutions to complex security challenges.
- Ability to work independently and manage multiple priorities in a fast-paced environment.
- Awareness and understanding of the Information Security threat landscape.
- Ability to contribute to organizational strategic thinking beyond area of responsibility.
- Demonstrated experience in working with a geographically dispersed team.
- Familiarity with SABSA (Sherwood Applied Business Security Architecture) framework is highly desirable.
- Strong understanding of security technologies, standards, and frameworks, including FFIEC, ISO/IEC 27001 and NIST.
- Strong understanding of secure software development lifecycle (SDLC) processes and frameworks such as OWASP. Relevant certifications, such as CISSP, SANS certifications or Microsoft certifications or SABSA, are highly desirable.
#LI-SP1
