Cybersecurity Senior Engineer/Architect (remote opportunity)

Grange Insurance · Columbus, OH

Company

Grange Insurance

Location

Columbus, OH

Type

Full Time

Job Description

Summary: This position will be a key member of the Cybersecurity Engineering team that will design and develop tools, services, programs, and projects with the focus of providing scalable, highly available, and efficient solutions and services. This position will shape the program and directly impact the operational capabilities of the assigned focus areas. In addition, as part of a team of trained security subject matter leaders, this position will support additional practice areas such as endpoint detection and response (EDR), End User Behavior Analysis (EUBA), Data Loss Prevention (DLP), Security Orchestration Automation and Response (SOAR), and similarly aligned security practices. Drive efforts in designing, implementing, administering, and supporting enterprise security controls for both on-prem and cloud environments, utilizing best practice security architecture frameworks and methodologies.

What You'll Be Doing:

  • Architect, implement, administer, and support enterprise security strategies and controls for a hybrid on-prem and cloud infrastructure.
  • Provide analysis and recommendations for the continuous improvement of the overall enterprise security posture.
  • Collaborate with and occasionally lead cross functional teams to improve overall security posture specifically focused on IR and VM controls.
  • Leverage solutions such as Tenable, Rapid7, Qualys, Varonis, Prisma, BeyondTrust, Okta, ELK, Zscaler, Forcepoint, and similarly aligned applications to improve enterprise security.
  • Serve as escalation point for responding to various cybersecurity incidents including but not limited to tabletop simulations, operational readiness exercises, standard operating procedures (SOP) validations, and disaster scenarios.
  • Track and own security incidents from detection to resolution, engaging in any containment, eradication, recovery, and tuning actions as needed.
  • Perform analysis of various log sources, SIEM alerts, IDS/IPS alerts, host activity, and network traffic to identify suspicious or unauthorized activity.
  • Prepare and continually improve SOP documentation, methodologies, and readiness capabilities.
  • Interact with and lead projects and relationships with third-party solution providers.
  • Prepare and update Cybersecurity procedures, standards and/or other technical requirement documents.
  • Participate in the review and implementation of security solutions aimed to enhance incident response capabilities.
  • Investigate, escalate, and respond to potential security events and user inquiries.
  • Participate in alert development and tuning efforts and collaborate with third-party support vendors to improve visibility and monitoring capability and procedures.
  • Collaborate with security and infrastructure teams to implement consistent technical solutions and support processes.
  • Evaluate and harden tooling and instrumentation to prevent cybersecurity exploits.
  • Provide input on the roadmap for addressing capability gaps, maturity improvements, and innovations.
  • Perform and/or coordinate regular security assessments of existing or new infrastructure.
  • Perform duties necessary to assist in establishing practices and system configurations to ensure the safety of enterprise system assets and to protect enterprise systems from intentional or inadvertent access, compromise, or destruction.
  • Assist with monitoring and auditing of information systems activities and systems to confirm security policy compliance and provide management with security policy compliance assessments and system monitoring reports.
  • Work with stakeholders to provide security solutions that support their business requirements.
  • Conduct security risk assessments on new products and systems, periodic security risk assessments on existing systems and identify and/or recommend appropriate security countermeasures and best practices.
  • Identify security gaps that expose the enterprise to potential exploits and develop short and long term prioritized remediations to address those gaps ensuring management is apprised of the risk in a timely manner.

What You'll Bring To The Company:

Required:

  • Demonstrated expert understanding of the life cycle of network threats, attacks, attack vectors, and methods of exploitation with an understanding of intrusion set tactics, techniques, and procedures.
  • In-depth knowledge of architecture, engineering, and operations of at least one enterprise SIEM platform.
  • Demonstrated hands-on experience analyzing high volumes of logs, network data (e.g. NetFlow, Full Packet Capture), and other attack artifacts in support of incident investigations.
  • Experience and proficiency with any of the following: EDR, Anti-Virus, HIPS, IDS/IPS, Full Packet Capture, Host-Based Forensics, Network Forensics.
  • Experience with malware analysis concepts and methods.
  • Familiarity or experience in Cyber Kill Chain methodology and/or MITRE ATT&CK framework.
  • Knowledge of Virtualization and Cloud security.
  • Familiarity and/or previous experience with at least one of the following: Tenable, Rapid7, Qualys.
  • Knowledge of Linux, UNIX, Windows (including Active Directory) and other operating systems.
  • Knowledge of popular databases such as MSSQL, Oracle, and MySQL.
  • Experienced or conversant with public cloud computing - AWS (preferred), Azure and/or GCP.
  • Ability to interpret information security data and processes to identify potential compliance issues.
  • Ability to quickly understand complicated data flows to identify and validate security requirements.
  • Must be a team player and willing to establish a strong positive working relationship with all areas of the business.
  • Ability to work effectively, independent of assistance or supervision.
  • Innovative, creative, and extremely responsive with a strong sense of urgency.
  • Ability to clearly communicate Information Security matters to executives, auditors, end users, and engineers using appropriate language, examples, and tone.
  • Goal oriented, organized, and motivated to learn and advance to a higher level within professional career.
  • Strong interest in learning new and emerging technologies.
  • Good understanding of Security and systems best practices.
  • Willing to share knowledge with co-workers and to assist them in understanding technical and business topics.

Preferred:

  • Experience and proficiency with any of the following: MDR, IAM, PAM, DLP, IDR.
  • Advanced understanding of TCP/IP, common networking ports and protocols, traffic flow, system administration, OSI model, defense-in-depth, and common security elements.
  • Bachelor's degree in engineering, computer science, or IT related field or ten to fifteen years of experience as an advanced system Architect or engineer.
  • Seven or more years of engineering experience developing and delivering complex, distributed, enterprise class hardware/software, and creating successful business outcomes.
  • Experience with agile methodologies and practices a plus.

About Us:

Grange Insurance Company, with $3 billion in assets and more than $1.3 billion in annual revenue, is an insurance provider founded in 1935 and based in Columbus, Ohio. Through its network of independent agents, Grange offers auto, home, life and business insurance protection. Life insurance offered by Grange Life Insurance and Kansas City Life Insurance. Grange Insurance Company and its affiliates serve policyholders in Georgia, Illinois, Indiana, Iowa, Kentucky, Michigan, Minnesota, Ohio, Pennsylvania, South Carolina, Tennessee, Virginia and Wisconsin.

Who We Are:

We are committed to an inclusive work environment where we welcome and value diversity and inclusion. We hire great talent from a wide variety of backgrounds, and our associates are our biggest strength. The diversity of our associates, their backgrounds, experiences, and individual differences are the foundation for our success. Our inclusive culture empowers all of us to "Be One Team", "Deliver Excellence", "Communicate Openly", "Do the Right Thing", and "Solve Creatively for Tomorrow". We have active Associate Resource Groups and a Diversity and Inclusion Team that focuses on professional development, networking, business value and community outreach, all of which encourage and facilitate an environment that fosters learning, innovation, and growth. Together we use our individual experiences to learn from one another and grow as professionals and as humans.

We welcome the unique contributions that you bring from education, opinions, culture, beliefs, race, color, religion, age, sex, national origin, handicap, disability, sexual orientation, gender stereotyping, gender identity or expression, genetic information, ancestry, pregnancy, veteran status, and citizenship.

Grange Enterprise is proud to be part of the CEO Action for Diversity and Inclusion™, a national initiative of more than 1400 CEOs working for the advancement of diversity and inclusion within the workplace.

Date Posted

12/26/2022
