Apply on Employer Site

LexisNexis · 3 months ago

Security Engineer II

Raleigh, NC

Full-time

Onsite

Mid Level

$64K/yr - $106K/yr

LexisNexis is a global provider of information-based analytics and decision tools for professional and business customers. The Security Engineer II will focus on continuous control monitoring for the FedRAMP environment, ensuring compliance with federal security standards and working closely with internal and external auditors.

AccountingLegalRisk ManagementSoftware

No H1B

U.S. Citizen Only

Responsibilities

Support Continuous Monitoring activities for FedRAMP and other compliance functions including, but not limited to NIST 800-53, ISO 27001 and Service Organization Control audits

Update Continuous Monitoring documentation including Plan of Action and Milestones (POA&M), Deviation Requests and Monthly Executive Summary

Perform a variety of daily activities to ensure FedRAMP security controls remain in compliance. Includes monitoring and assessing daily vulnerability reports related to FedRAMP-authorized systems to ensure compliance with federal security standards

Identify, track, and report emerging threats and vulnerabilities, coordinating with internal teams to support timely remediation efforts

Ensure all FedRAMP Continuous Monitoring documentation is submitted in a timely manner

Work closely with internal and external auditors and act as a liaison to collect, prioritize and distribute details for FedRAMP audit

Maintain awareness of updates to FedRAMP requirements and integrate relevant changes into monitoring processes. Requires monitoring laws and regulations to maintain FedRAMP ATO status

Ability to work with multiple teams to drive reduction in risks and improve overall compliance

All other duties as assigned

Qualification

Control assessmentVulnerability managementSecurity frameworksSecurity toolsSecurity automationMicrosoft Power AutomateMonitoring security systemsWeb-based environmentsProblem-solving skillsCommunication skillsInterpersonal skills

Required

Experience in control assessment, third party risk and/or cybersecurity

Foundational knowledge of security frameworks (FedRAMP, ISO27k, NIST, etc.)

Proven experience in vulnerability management, including identification, assessment, tracking, and remediation of security vulnerabilities across enterprise environments

Hands-on experience with security tools such as vulnerability scanners and SIEM platforms

Experience with security automation using scripting languages

Proficiency in Microsoft Power Automate, including building, maintaining, and troubleshooting automated workflows to support business and security operations

Excellent problem-solving skills and ability to work independently or collaboratively in a fast-paced environment

Good communication (verbal and written), interpersonal, with the ability to interact with key stakeholders to convey the operational impact of cybersecurity issues in a confident, organized manner

Ability to monitor security systems for threats

Good problem-solving skills

Foundational knowledge of security environments

Installation/troubleshooting in web-based environments

***Must have US Citizenship***

Benefits

Health Benefits: Comprehensive, multi-carrier program for medical, dental and vision benefits

Retirement Benefits: 401(k) with match and an Employee Share Purchase Plan

Wellbeing: Wellness platform with incentives, Headspace app subscription, Employee Assistance and Time-off Programs

Short-and-Long Term Disability, Life and Accidental Death Insurance, Critical Illness, and Hospital Indemnity

Family Benefits, including bonding and family care leaves, adoption and surrogacy benefits

Health Savings, Health Care, Dependent Care and Commuter Spending Accounts

In addition to annual Paid Time Off, we offer up to two days of paid leave each to participate in Employee Resource Groups and to volunteer with your charity of choice