Security Engineer Principal Job Description
Security Engineer Principal Duties & Responsibilities
To write an effective security engineer principal job description, begin by listing detailed duties, responsibilities and expectations. We have included security engineer principal job description templates that you can modify and use.
Sample responsibilities for this position include:
Security Engineer Principal Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Security Engineer Principal
List any licenses or certifications required by the position: CISSP, CISM, CISA, IAT, GSLC, CASP, IAM, CE, III, AWS
Education for Security Engineer Principal
Typically a job would require a certain level of education.
Employers hiring for the security engineer principal job most commonly prefer that their future employee have a relevant degree, such as a Bachelor's and Primary Degree in Computer Science, Engineering, Technical, Information Technology, Information Security, Technology, Management, Religion, Communication, Project Management.
Skills for Security Engineer Principal
Desired skills for security engineer principal include:
Desired experience for security engineer principal includes:
Security Engineer Principal Examples
Security Engineer Principal Job Description
- Drive the enhancement of the MSSP with threat intelligence and forensic capabilities
- Serve as technical SME for MSS topics with peer organizations
- Assess technological business initiatives to identify the threat landscape and security requirements, create technical documentation and solution overviews, and provide guidance on risk mitigation strategies for identified threats and vulnerabilities
- Participate in public security projects and/or volunteer time and knowledge to improve the broader security community, representing the company’s mission and goals, promoting cooperation and knowledge sharing
- IDS/IPS
- Log aggregation and analysis
- Vulnerability scanning and assessment
- Audit and compliance validation
- Web application firewall (WAF)
- File integrity monitoring (FIM)
- Log correlation and management
- Experience in Information Assurance Management
- Experience providing Intrusion Detection System (IDS), Host Based Security System (HBSS) and firewall support
- Experience with Operating Systems, Virtualization, Storage, Control Plane, Monitoring and other cloud technologies
- Must include storage Linux administration ability
- Thorough knowledge and understanding of the U.S. Special Operations community
Security Engineer Principal Job Description
- Execute strategic security plans for systems, appliances, devices and datacenter infrastructure to prevent incidents that impact confidentiality, availability and integrity of data and infrastructure
- Assess SDLC processes and provide guidance on increasing security review coverage
- Identify toolsets and vendors, drive adoption and implementation
- Serve as incident leader on IT Security incident response teams
- Provide subject matter expertise on security within cross-functional teams to enhance security of systems and infrastructure
- Define security standards, policies and best practices for the technology stacks in use globally
- Create secure configuration templates, baselines and architecture standards to enable hardening of the platform
- Lead threat modeling activities on new systems / services and provide remediation guidance
- Prototype and recommend solutions for technical teams
- Periodically and proactively identify security risks and build solutions for effective risk management
- Experience with installation configuration and maintenance requirements of end-user devices
- Bachelor’s degree in related field or relevant security experience
- Proficiency in modern programming languages (Java, C++, Ruby, Python, Perl)
- Perform risk analysis, vulnerability and security assessments
- Monitoring, alerting, and logging
- Knowledge and understanding of OWASP Top 10
Security Engineer Principal Job Description
- Accountable for the implementation of complex security systems, including the integration of those systems into myriad operational products and hosting environments
- Works with product, server, and network teams to identify specific 'touch points' within the environment, then develop and implement technical interfaces to feed security log data into common security tools
- Performs detailed forensic analysis of security incidents through multiple iterative reviews of log files from various systems, identifying potential attack vectors, testing various possible attack vectors, then determining the most probable attack path
- Accountable for correctly identifying security vulnerabilities with 100% accuracy, then designing and executing on remediation plans involving the acquisition, design, test, integration, and implementation of advanced security tools
- Lead crisis teams that respond to alerts and approve system configuration changes in response to advanced threats and attacks
- Responsible for the operations and maintenance of all the organization's threat detection and prevention tools, adjusting configurations to respond to a changing threat environment
- Must identify cyber security threats, perform analysis based on threat vectors and identified vulnerabilities, and build solutions to reduce the risk level
- Must possess the skills to perform research independently, identify pertinent information for evaluation, and develop potential solutions and alternate courses of action
- Must possess the skills to automate solutions using various scripting tools
- Analyze system security architectures and make recommendations for security design and requirements
- Security related technologies and solutions (firewalls, IPS, WIDS, WAF, SIEM, DLP, RMS, vulnerability scanner, web proxy, endpoint security, etc)
- Ability to work on complex issues where analysis of situations or data requires an in-depth evaluation of variable factors
- Possess a security mindset and help instill it in other team members
- Proficiency with OSPF and BGP routing protocols
- Comprehensive knowledge of routers
- Understanding of Regulatory Requirements/Compliance/Internal Controls
Security Engineer Principal Job Description
- Management of security controls on the network and host
- Mature endpoint protection strategy, including the consolidation, enhancement of anti-virus, malware protection, host posturing, application whitelisting and cyber threat defense solutions
- Build integration and automation on data feeds from all security controls
- Initiate automated detection/remediation actions and further research controls and countermeasures where required
- Contributing to the creation of tools and automation technologies to make common tasks more efficient
- Drive to enhance and tune detection and protection capabilities
- 5+ years’ experience in a Sr./Principal security engineer role
- Minimum of five years network/security engineering experience with Network Firewalls (Next Gen) and inline technologies
- Experience in a security operations center managing security controls on the network and host
- Background in network engineering/administration (routers, switches, firewalls, TCP/IP, OSI Model, Linux)
- Possesses a highly specialized level of technical expertise or business acumen
- Extensive breadth and depth of knowledge arrived through exposure to emerging technical advancements or complex business situations
- Extensive experience working with Cisco and Checkpoint technologies
- Mines customer data to provide improvements in products and services or to offer broader and better solutions
- Achieves high levels of performance through personal effectiveness, team leadership, and performance management processes
- Proactively manages own work through thinking ahead and prioritization
Security Engineer Principal Job Description
- Work closely with enterprise architects, other functional area architects and analysts to ensure adequate security solutions are in place throughout all IT systems to mitigate identified risks sufficiently, while meeting business objectives & regulatory requirements
- Serves as a business liaison between the business units and/or internal enterprise resources (such as infrastructure, applications, and IT services)
- Ensures that business and technical requirements are aligned to policy and are implemented within regulatory and contractual compliance
- Facilitate security audit and assessment activities globally, as needed
- Maintain knowledge of all aspects of information security and compliance, including PCI, SOC, and HIPAA requirements for information systems and industry best practices
- Supervise forensic investigations/analysis, including collaboration with governmental agencies, as needed
- Design, architect and build security solutions, frameworks, automation and orchestration to secure Cloud Infrastructure and Applications
- Design and develop standards, frameworks and solutions to secure CI/CD pipeline
- Develop a roadmap for future work, track progress against it, and help the team to achieve its goals
- Design and build security solutions, frameworks, automation and orchestration to secure Cloud Infrastructure and Applications
- 10+ years of overall engineering experience (currently coding)
- 3+ yrs experience of building application security features, frameworks, libraries and tools
- 2+ yrs experience building and operating mission critical, highly available distributed systems in a 24x7 environment
- Enjoy working on challenging and complex problems
- Advanced experience with .NET/Java/C++ or other OOP language 8+ yrs
- Expertise with testing tools (Burp, Fortify)