The Principal Security Engineer is responsible for the design, implementation, and management of comprehensive security measures that protect NYSERNet’s network infrastructure, data, and systems from cyber threats and vulnerabilities.
Responsibilities
Security Architecture and Strategy:
- In collaboration with the CISO, oversee and manage the day-to-day internal operations of the information security program, while aligning initiatives, policies, and procedures with core business objectives.
- Design and implement NYSERNet’s security architecture strategy, including security controls, frameworks, and standards to mitigate risks and ensure compliance with industry regulations and best practices.
- Collaborate with IT and network engineering to design, implement, and manage advanced security measures in a hybrid on-premises and multi-cloud environment, including but not limited to firewalls, intrusion detection/prevention systems, access controls, encryption protocols, web application and identity and access management solutions.
- Partner with engineering to conduct thorough threat models and security assessments to identify potential vulnerabilities and prioritize remediation efforts.
Security Assessments and Incident Response:
- Lead and execute coordination of security audits, penetration tests, and vulnerability scans to identify and remediate security weaknesses.
- Manage the vulnerability lifecycle, including prioritization, remediation, and verification of fixes.
- Lead incident response efforts, coordinating with internal teams and external stakeholders to mitigate security incidents promptly.
- Conduct forensic investigations to analyze security incidents, identify root causes, and implement corrective actions.
- Evaluate, recommend, and implement new security technologies and tools to strengthen defensive capabilities and improve incident response efficiency.
Security Standards, Controls and Governance:
- Establish and maintain a comprehensive security governance program to ensure the alignment of security initiatives with business objectives and regulatory requirements.
- Develop, implement, and maintain security policies, procedures and controls in alignment with industry-standard frameworks such as NIST, CIS, ISO 27001, and others.
- Conduct risk assessments to identify and mitigate security risks and develop risk management strategies to protect critical assets and data.
- Develop and implement security awareness training programs for employees to support a culture of security throughout the organization.
Cross-Functional Collaboration:
- Collaborate with cross-functional teams to integrate security into business processes and ensure alignment of security initiatives with regulatory requirements and contractual obligations.
- Collaborate with IT and engineering teams to integrate security controls into network and application architecture to ensure the secure configuration and deployment of network devices, applications, and services.
- Communicate effectively with executive leadership, stakeholders, and customers to provide updates on security initiatives, incident response activities, and the overall security posture of NYSERNet.
- Serve as a subject matter expert on security-related matters, providing guidance and recommendations to support informed decision making.
- Stay abreast of emerging threats and industry best practices to continually enhance the organization's security posture.
Qualifications
- Bachelor's degree in computer science, information security, or a related field is preferred but not required.
- Candidates should have 5+ years of proven experience as a security engineer with a focus on network, cloud, application, and offensive security, or 7+ years of proven experience as a security engineer.
- Strong expertise in on-premises and public cloud service providers (e.g. Amazon AWS, Microsoft Azure), networking security technologies and web application development.
- Proficiency with at least one scripting language (e.g. PowerShell, Python, or similar).
- Proven track record of designing and implementing comprehensive security architectures, frameworks, and controls to protect large-scale network infrastructures.
- In-depth knowledge of regulatory requirements such as GDPR, HIPAA, PCI DSS, and relevant cybersecurity frameworks (e.g., NIST Cybersecurity Framework, ISO 27001) is essential.
- Excellent analytical and problem-solving skills, with the ability to analyze complex security issues, evaluate alternative solutions, and make strategic decisions that balance security and business objectives.
- Exceptional communication and interpersonal skills, with the ability to effectively communicate technical concepts to non-technical audiences and influence stakeholders at all levels of the organization.
- Strong project management skills with the ability to prioritize, resource and manage multiple projects effectively.
- Ability to work independently while also working cohesively as part of a team.
- Ability to travel 1-2 times per month to the NYSERNet office or to company or community events.
Working Conditions
- Remote position with flexible work hours.
- Proximity to New York required for agile travel.
- Occasional evening, night and weekend work needed.
About NYSERNet
NYSERNet has delivered, and continues to deliver, next-generation internet services to the research and education community for forty years. A trailblazer in research networking, NYSERNet is a member-governed organization, with members from leading universities, colleges, K-12 schools, Regional Information Centers (RIC), museums, healthcare, and research institutions. NYSERNet is a vibrant, stable, and well-recognized organization, poised to further grow its services, membership and mission.
NYSERNet is a 501(c)(3) private not-for-profit corporation created in service of advancing science, research and education.
NYSERNet is an Equal Opportunity Employer that does not discriminate on the basis of actual or perceived race, color, creed, religion, national origin, ancestry, citizenship status, age, sex or gender (including pregnancy, childbirth and pregnancy-related conditions), gender identity or expression (including transgender status), sexual orientation, familial status, marital status, military service and veteran status, physical or mental disability, genetic information, domestic violence victim status, reproductive health decision-making, or any other characteristic protected by applicable federal, state or local laws and ordinances. NYSERNet is dedicated to this policy with respect to recruitment, hiring, placement, promotion, transfer, training, compensation, benefits, employee activities, access to facilities and programs and general treatment during employment.