Be an early applicantLess than 25 applicants

Company

Echo Global Logistics · 7 hours ago

Principal Security Engineer

United States

Full-time

Remote

Lead/Staff

Maximize your interview chances

ConsultingLogistics

H1B Sponsor Likely

Insider Connection @Echo Global Logistics

Discover valuable connections within the company who might provide insights and potential referrals.
Get 3x more responses when you reach out via email instead of LinkedIn.

Responsibilities

Lead by example in guarding the confidentiality, integrity, and availability of Echo’s critical technology services.

Lead enhancement of security architecture by ensuring proper implementation, maintenance and validation of essential controls across the Echo landscape including perimeter, identity, endpoint, application, data, and cloud components.

Guide the maintenance, enhancement, and enforcement of cybersecurity policies, standards, and frameworks.

Design and enhance security metrics and reporting systems to communicate security posture and progress in closing gaps.

Scope and conduct red-team exercises (internal or 3rd party engagement) to assure security posture of critical assets. Implement remediation plans to address gaps.

Enhance email security measures to continue detecting and preventing phishing attacks, reinforcing a secure communication environment and protecting users from email-based threats. Leverage existing tools, while identifying and assessing emerging tools for use in an optimized future-state.

Provide oversight on firewall and network device configurations, ensuring alignment with policies and industry best practices. Lead regular zero-based rules reviews to maintain optimal, policy-compliant network security configurations.

Provide technical expertise and guidance for core incident response activities, working with team, logging tools, and SOC provider to ensure an effective response.

Propose and support use-cases for automated incident response protocols.

Proactively identify and address potential threats through regular monitoring, log analysis, and strategic service segmentation. Collaborate with external partners to share threat intel and maintain a robust playbook for tactical responses.

Maintain and enhance Echo’s SIEM capabilities, ensuring the effectiveness of IDS/IPS, NADS, and continuous security monitoring and alerting systems.

Ensure cloud security is seamlessly integrated into the overall security strategy and operations.

Evaluate and deploy advanced detection tools to cloud-native environments.

Champion cloud security initiatives that align with organizational goals, enhancing resilience across both on-premises and cloud environments.

Support regulatory compliance audits, data governance activities, and DLP controls.

Advocate for MDM policies, secure data disposal, and future-proofing remote access modalities.

Strengthen external connection security and align data protection programs with recovery objectives.

Qualification

Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.

Secure coding practicesVulnerability assessmentsNetwork protocolsCloud securityDigital forensics toolsEthical hacking toolsIncident responseLog analysisISO/IEC 27001NIST standardsCIS standardsAdvanced domain certificationsCross-functional collaboration

Required

Understanding of secure coding practices, vulnerability assessments, common software vulnerabilities, and frameworks for communicating the same.

A meticulous approach to identifying vulnerabilities and flaws in systems and code.

Deep knowledge of network protocols, firewalls, VPNs, and intrusion detection/prevention systems.

Knowledge of encryption suites, key management, and secure comms protocols.

Experience in identifying, prioritizing, and mitigating enterprise security threats.

Experience in securing cloud infrastructure and services in production, at scale.

Knowledge of digital forensics tools and tactics.

Familiarity with ethical hacking testing tools and techniques.

Ability to detect, prioritize, analyze, and respond to security incidents effectively.

Ability to assess and prioritize security risks in alignment with business goals.

Skills in analyzing logs and other data to detect anomalies and potential threats.

Ability to build and execute plans that include security and other tech resources.

Ability to communicate security issues to stakeholders of at various levels in org.

Experience working with cross-functional teams to implement security controls.

Experience training, teaching, and providing mentorship on security best practices.

Strong decision-making skills, under pressure and with incomplete information.

Ability to advocate for security needs and influence leadership to support initiatives.

A forward-looking perspective to anticipate and address emerging security threats.

Knowledge of standards including ISO/IEC 27001, NIST, and CIS. Ability to support audits to ensure compliance with legal and regulatory requirements.

Preferred

Advanced domain certifications that demonstrate expertise and leadership in a variety of cybersecurity domains are preferred. Examples include: ISC2 (CISSP, CCSP), CISM, CISA, SANS / GIAC (GSE, GSLC, GCIH, GCIA, GPEN), DRII (CBCP), OSCP, CEH, AWS (Solutions Arch, SysOps Admin, Advanced Networking, Security).

Company

Echo Global Logistics

Glassdoor

3.9

Echo Global Logistics is a technology-enabled BPO service provider, serving the transportation and logistics needs of its clients.

Founded in 2004

Chicago, Illinois, USA

1,001-5,000 employees

http://www.echo.com

H1B Sponsorship

Echo Global Logistics has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Below presents additional info for your reference. (Data Powered by US Department of Labor)

Distribution of Different Job Fields Receiving Sponsorship

Represents job field similar to this job

Trends of Total Sponsorships

2023 (1)

2022 (2)

2020 (1)