Associate Principal, Security Engineering

Summary

This position is responsible for security testing and managing day to day engineering tasks. This position is a senior engineering position that requires the ability to complete highly technical testing and provide informational updates to leadership and executive staff.

Primary Duties and Responsibilities:

To perform this job successfully, an individual must be able to perform each primary duty satisfactorily.

• Perform cloud assessments, web application penetration testing, mobile application testing, network and operating system assessments
• Perform independent reviews of OCC’s security, network, applications, and cloud environments
• Produce reports and artifacts for various levels of leadership and staff relating to security related activities
• Ensure alignment of security controls as part of OCC’s Blue Team testing program and supporting services and related policies and procedures with applicable regulations and industry standard best practices
• Assist management with the improvement of policy and procedure to support Security Testing and Blue Team activities as well as other security duties which may arise
• Participate in developing security roadmap, adopt security best practices, and implement new ideas and innovations according to the industry trends
• Continue to support, grow, and assist development current processes and tools

Supervisory Responsibilities:

• NA

Qualifications:

The requirements listed are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the primary functions.

• Requires an in-depth knowledge of security controls and standards in relation to Cloud Security, Architecture, DevOps, and Security Testing.
• Ability to manage multiple intricate projects with strict deadlines while maintaining best in class work.
• Ability to functionally serve as a primary point of contact across multiple teams within the organization and to lead projects for the entirety of the lifecycle.

Technical Skills:

• Experience with AWS Services including automation services (Lambda, JSON, etc…)
• Experience with DevOps Pipelines and GitHub Repos
• Architectural understanding and expertise of cloud and hybrid cloud infrastructure

• Five years’ Experience with Security Engineering activities and testing.
• Three years of experience with DevOps processes
• Three years’ experience with AWS architecture and services.

• Certification in at least one or more of the following:

• AWS Certified Solutions Architect
• AWS Certified Security Specialty
• Certification Information Systems Security Professional (CISSP)
• Certified Cloud Security Professional (CCSP)
• GIAC Cloud Security Essentials (GCLD)
• GIAC Cloud Security Automation (GCSA)
• GIAC Security Essentials (GSEC)
• GIAC Defensible Security Architecture (GDSA)