This job has closed.

Pharmavite · 2 days ago

Sr. Security Engineer/Incident Response Lead

United States

Full-time

Remote

Mid, Senior Level

$117K/yr - $195K/yr

6+ years exp

Pharmavite is a company focused on complete nutrition and is seeking a Senior Security Engineer to safeguard their digital assets. This role involves implementing security measures, responding to incidents, and collaborating with various teams to enhance the organization’s cybersecurity posture.

Dietary SupplementsHealth CareNutrition

Growth Opportunities

No H1B

Responsibilities

Provide front-line support for all information security-related issues, guiding secure infrastructure deployments and consulting on secure application development

Manage SSL certificates and encryption keys. Monitoring and responding to emerging threats

Lead security compliance efforts across partner organizations, performing risk analysis on large-scale compliance/remediation efforts, partnering with legal and other business units as needed

Coordinate security compliance efforts by performing regular application and infrastructure vulnerability assessments, evaluating, and recommending operating systems and application patches. Review and recommend new security products as necessary

Conducts regular audits of systems to ensure security standards and processes are being followed. Participates in and leads internal and external security audit interactions

Conduct thorough risk assessments to identify potential security vulnerabilities and threats. Develop risk mitigation strategies and prioritize security controls to address high-risk areas effectively

Ensure compliance with relevant regulations, standards, and frameworks by conducting security audits and assessments. Develop and enforce security policies, procedures, and guidelines to align with regulatory requirements and industry best practices

Provides consultancy to internal customers on risk assessment, threat modeling, and fixing vulnerabilities. Collaborates with peers and user communities to define projects and prioritize resources

Contributes to the development of security policies and processes and fosters a culture of security awareness among employees through regular training programs and communication initiatives

Stay abreast of emerging technologies and trends in cybersecurity and evaluate and implement appropriate solutions to address evolving threats

Qualification

Cybersecurity principlesIncident responseVulnerability assessmentsRisk managementSecurity certificationsNetwork securityCloud securityPenetration testingAnalytical skillsCommunication skillsProblem-solving skills

Required

Requires a four (4) year college or university degree in Computer Science, Business Administration, or related field and/or relevant equivalent experience

Minimum of 6 years of experience in enterprise cybersecurity with a proven track record of leading security initiatives, managing security projects, and providing strategic guidance on security matters

Minimum of 3 years of experience with secure data handling methodologies, data leakage prevention, and development

Deep understanding of cybersecurity principles, technologies, and best practices, along with strong analytical and problem-solving skills

An understanding of the organization's industry, business model, and objectives is crucial for aligning security efforts with business goals

Technical knowledge across a broad spectrum of security engineering, including systems and network security, database security, authentication and security protocols, cryptography, and application security (including secure code development techniques)

The ability to develop and execute cybersecurity strategies that align with business objectives and can anticipate future threats and develop proactive measures to mitigate risks

Deep knowledge of risk management principles and practices, and adept at assessing cybersecurity risks, implementing controls to mitigate those risks, and effectively managing incidents when they occur

Strong technical background in areas such as network security, cloud security, cryptography, and penetration testing

Understanding of the technical aspects of security and the ability to effectively communicate with technical teams

Hands-on experience leading one or more of the following functions: GLBA/privacy, third-party risk management, cyber resilience planning/response, or strategy/board reporting

Detailed understanding of network and web-related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)

Knowledge of industry-standard security methodologies

Broad and current knowledge of regulatory and voluntary standards for information security and privacy

Background in selecting and partnering with external partners on technology development and ongoing support

Exceptional communication skills and the ability to facilitate crucial conversations at all levels of the organization