Security Principal Job Description
Security Principal Duties & Responsibilities
To write an effective security principal job description, begin by listing detailed duties, responsibilities and expectations. We have included security principal job description templates that you can modify and use.
Sample responsibilities for this position include:
Security Principal Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Security Principal
List any licenses or certifications required by the position: CISSP, CISA, CISM, AWS, SANS, CEH, GIAC, CCSP, GCIH, CCIE
Education for Security Principal
Typically a job would require a certain level of education.
Employers hiring for the security principal job most commonly would prefer for their future employee to have a relevant degree such as Bachelor's and Primary Degree in Computer Science, Engineering, Technical, Information Technology, Information Security, Technology, Management, Computer, Communication, Architecture
Skills for Security Principal
Desired skills for security principal include:
Desired experience for security principal includes:
Security Principal Examples
Security Principal Job Description
- Provide guidance, oversight and the implementation and consistent operation of a world-class information security governance, security risk management and compliance programs
- Collaborate with key stakeholders to validate, verify and address control deficiencies and remediation plans
- Assist in operationalization of strategic initiatives including foundational and operational risk management and governance programs
- Coordinate with customer security representatives to process security clearances
- Review security paperwork for accuracy and submission via e-QIP/SF 86 and/or other methods
- Maintain current SOP, SSP, Access lists, and other program related documents required by the PSO/GPSO/CSA
- Receipt, dispatch, destruction, and control of classified documents
- Support overall site Security in addition to supporting SAPs, to include OPSEC, Insider Threat, Classification Management, Security Awareness, COMSEC, conduct security reviews of technical papers, and create/maintain DD 254’s
- Additional duties will also include administering security training, indoctrinations and debriefings, audits, visitor control, process requests for investigations, and prepare personnel access request (PAR) as required
- Identify innovative solutions to further harden our technology stacks, eliminating or mitigating entire classes of vulnerability in the process
- Familiarity or experience with business driven security architecture methodologies like SABSA, OpenGroup
- CISSP and or CISA required and other security-focused certifications a plus (CCSP, CEH, AWS)
- Design and deployment of Enterprise Security technologies and solutions Firewalls, IDS/IPS, SIEM, Malware detection & analytics, Vulnerability scanning Data Loss Prevention Services such as rule expansion, endpoint protection and data protection
- Demonstrated skills in the entire Microsoft desktop suite (Word, Excel, Power Point)
- Minimum ten (10) years of information security and/or enterprise architecutre experience in increasing responsible roles required
- Professional certification in information security (for example, CISSP, CISM or CEH) a plus
Security Principal Job Description
- Scope and author one-off engagement proposals
- Shift client interest from one-off to packaged offerings
- Convert professional opportunities, such as conferences, into engagements
- Differentiate our offerings/approach from competitors and sell past objections
- Responsible for monitoring the effectiveness of Cloud's information security arrangements
- Responsible for engaging with staff so they are aware of, and understand their information security responsibilities as employees
- Provide thought leadership on emerging security threats, mitigation techniques and trends
- Develop cross-company, globally-applicable policy positions on cloud security and related topics strategies to help advance them in the U.S. and internationally
- Learning to identify areas of IT risk in the client environment and opportunities to help them to improve information security, and business processes
- Assist with the planning and design of enterprise security architecture, under the direction of the Vice President Global IT Services, where appropriate
- Able to develop innovative methods to solve challenging problems with available manpower and tools
- Flexible, able to maintain a positive attitude in a fast-paced constantly changing environment
- Maintain a highly visible profile, internally and externally (with vendors), that promotes the Network and Security team
- Experience with open source frameworks such as
- Experience in using DevOps tools
- Advise and guide other teams to ensure the development of secure software and products throughout the software development life-cycle
Security Principal Job Description
- Assist with the creation of enterprise security documents (policies, standards, baselines, guidelines and procedures) under the direction of the Vice President Global IT Services, where appropriate
- Participate in the annual reviews and updates of the enterprise Business Continuity Plan and Disaster Recovery Plan, under the direction of the Vice President Global IT Services, where appropriate
- Demonstrate mastery of six (6) areas of Technical Competency
- Mentor consultants in areas of expertise
- Lead large and complex engagements
- Perform final review on deliverables
- Advance the state of security in their areas of expertise
- Significant and meaningful contributions in the areas of research, account management, or other organizational capability contributions
- Deliver consultancy to highest level in practice area
- Proactively identify and manage risks by executing early warning programs
- Must be self-starter, self-managed, responsive and dedicated, with a proven track record of exceptional performance, high productivity and meeting deadlines
- Assess security aspects of feature implementation and quality in product releases
- Industry Standard Certifications such as CISA, CISM, CISSP
- Skilled in cross-function team project and program management
- Expertise in Information Security procedures
- Expertise in control frameworks and control objectives
Security Principal Job Description
- Consult on end to end security on the full vertical stack from device to end application
- Participating in and leading client meetings revolving around security topics
- May contribute to the development and implementation of the strategic direction and objectives of the Cyber Security service offering
- Manage and participate as a specialist on structured and bespoke security consulting engagements
- Provide leadership in the support of business development activities in the form of scoping, estimating and/or writing business proposals
- Contribute to the development and maintenance of consulting frameworks and methodologies
- Participate in client workshops, presentations, RFI/T/P's, and bid teams
- Serve as a mentor of other security staff
- Maintain personal familiarity with current security industry news and trends
- Performing analysis, design, and development of security features for system architectures
- Prioritizes and balances time, actions, resources, and initiatives to ensure achievement of goals
- Anticipates risks and opportunities and builds contingency plans to manage them
- Plans ahead to effectively manage the implementation of change efforts
- Experience in Software Development is a bonus
- Highly technical and comfortable with writing Powershell, and Python scripts .NET
- The candidate must be comfortable with blue and red teaming
Security Principal Job Description
- Providing integration and implementation of the computer system security solution
- Operate and maintain security toolsets to support organizations’ continuous monitoring and ongoing authorization programs
- Leverage security products and technologies to protect the organization’s systems and information and enable achievement of the organization’s objectives
- Research and analyze emerging technologies and design and build architectures and solutions to enable secure implementation of new technologies
- Serve as a Cybersecurity and Information Assurance (IA) engineer throughout all stages of system acquisition, development, and maintenance
- Identify and derive cybersecurity requirements
- Identify authorizations required for conducting vulnerability scans, accessing System Under test (SUT) with administrative privileges, and conducting penetration and exploitation activities across networks and against CS-accredited systems
- Review SUT program documents including Test Evaluation Master Plan (TEMP), manning documents, Developmental Test (DT) Plans and reports, training manuals, and operator and maintenance manuals
- Review the SUT’s Joint Capabilities Integration and Development System (JCIDS) documentation, such as the initial capabilities, capabilities development, or capabilities production document and the information support plan, CSS, DoD Information Assurance Certification and Accreditation Program (DIACAP) certification and accreditation packages
- Evaluate SUT and System of Systems (SOS) network architectures and identify SUT’s critical CS capabilities
- Understanding of possible security impact of systems management tools and "Infrastructure as Code" desirable
- Familiar with handling and marking of classified information
- Familiarity with Security policies governing the storage of, access to, and transmittal, of classified information
- Experience with Linux, OSS, and 3rd party software in addition to Windows is a big plus
- Highly motivated, project oriented with the ability to transform challenges into tangible plans
- Analytical thinker with a growth mindset and the ability to hear and synthesize diverse perspectives