Cyber Security Engineer
Listed on 2026-03-13
IT/Tech
Cybersecurity, Network Security
Department: Managed Services
Reports to: Enterprise Architect
FLSA Status: Exempt
Manages and maintains the organization’s cybersecurity infrastructure to protect internal and external networks, systems, and data from security breaches and cyber threats. Serves as a subject matter expert on security operations, incident response, and threat mitigation, providing guidance and recommendations to internal teams and clients to safeguard their digital assets and ensure secure, efficient network operations.
Duties & Responsibilities
- Administer, configure, and maintain the organization’s security technology stack, including identity and access management systems such as Active Directory and Microsoft Entra, ensuring proper authentication, authorization, and policy enforcement.
- Implement, tune, and optimize security tools and technologies to strengthen the organization’s security posture, including evaluating and integrating AI-driven security solutions and automation to enhance threat detection and response.
- Monitor networks, endpoints, and systems using security monitoring platforms and SIEM tools to detect breaches, intrusions, and anomalous activity.
- Analyze network traffic, security logs, and alerts to identify, investigate, and respond to potential threats and vulnerabilities.
- Develop, maintain, and execute incident response plans, and conduct digital forensics and incident response (DFIR) investigations to determine root cause, scope of compromise, and impact.
- Coordinate with clients and internal teams to contain, remediate, and recover from security incidents while minimizing data loss and operational disruption.
- Conduct vulnerability assessments, penetration testing, and risk analyses across networks, systems, and applications, prioritizing remediation based on risk and business impact.
- Ensure systems and networks comply with applicable industry regulations and security frameworks (e.g., NIST, ISO 27001, CIS) through security audits, assessments, and policy enforcement.
- Develop, maintain, and update security and compliance documentation, including policies, procedures, and incident reports.
- Stay informed of emerging threats, vulnerabilities, and cybersecurity trends to proactively identify risks and recommend security improvements through training and professional development opportunities.
- Participate in client meetings and presentations to discuss security assessments, incident findings, and risk mitigation strategies.
- Provide technical guidance and recommendations to clients and internal teams on security best practices and emerging threats.
- Performs other duties as assigned by management. *
The duties and responsibilities outlined herein are intended to describe the general nature and level of work performed by employees in this position. This list is not exhaustive, and the employee may be required to perform other duties as assigned to meet the organization’s needs.
Knowledge, Skills, & Abilities
- Strong knowledge of cybersecurity principles, frameworks, and best practices (e.g., NIST, ISO 27001, CIS Controls, MITRE ATT&CK).
- Knowledge of network protocols, services, and architecture including TCP/IP, DNS, DHCP, HTTP/S, SSL/TLS, VPN, routing/switching, firewalls, intrusion detection/prevention systems, endpoint protection platforms, and overall network security design.
- Knowledge of operating system architecture and security for Windows, Windows Server, Linux distributions, and macOS.
- Knowledge of identity and access management technologies including Active Directory and Microsoft Entra, authentication mechanisms, Group Policy, conditional access, certificate services, directory administration, and privileged access management concepts.
- Knowledge of penetration testing methodologies, offensive security techniques, common attack vectors, exploit frameworks, and vulnerability assessment practices.
- Knowledge of digital forensics and incident response (DFIR) processes and tools.
- Knowledge of email security, phishing mitigation, threat intelligence platforms (e.g., Proofpoint), application whitelisting, and zero-trust security models.
- Knowledge of third-party risk management, vendor security assessment tools, ITSM platforms, and security workflow integration.
- Knowledge of AI and machine learning applications in cybersecurity, including automated threat detection and response.
- Skill in scripting and automation using PowerShell, with working proficiency in additional scripting languages such as Python, Bash, or similar.
- Skill in penetration testing, vulnerability scanning, and red team/blue team exercises.
- Skill in digital forensics analysis, including log analysis, memory forensics, and disk imaging.
- Skill in administering and hardening Linux-based servers and services.
- Skill in configuring and troubleshooting Active Directory and Microsoft Entra environments, including hybrid identity configurations.
- Skill in analyzing security logs, network traffic captures, and SIEM alerts to identify indicators of…