Information Security Engineer (Remote)

Job Description

We are looking for a detail-oriented individual to drive quality-related security work for Sinclair's Information Security program. You will fill the role of Information Security Engineer with a focus on supporting an enterprise Vulnerability Management program. You will apply security in-depth principles to reduce vulnerability risk for Sinclair's business units, cloud, and infrastructure environments. You will partner with internal stakeholders and consultants to develop security solutions to protect the confidentiality and integrity of Sinclair's sensitive data. You will also work closely with security operations, engineering, and software development teams to support an enterprise application security program.

Responsibilities:

Processes & Execution

• Manage processes and solutions pertaining to vulnerability management, application security, CIS benchmarks, and other security services as required.
• Provide mentorship and knowledge transfer to security team members.
• Excellent communication skills with an ability to collaborate with company stakeholders and business partners effectively and professionally.
• Ability to think strategically, plan methodically, and execute tactically.
• Take ownership of professional development and training needed to excel in your role.
• Lead initiatives to develop and mature vulnerability management services as they apply to team and organizational goals.
• Act as an advocate for Information Security objectives while identifying creative solutions to ensure progress is made.
• Drive remediation activities by understanding the impact of findings and developing communication channels with key stakeholders.

Engineering, Collaboration & Partnerships

• Evaluate and recommend new products, methodologies, processes, and solutions to support an enterprise vulnerability management program.
• Maintain knowledge of current trends, recent publications, and emerging technologies as it pertains to vulnerability, application, and other technical risks.
• Contribute to the vulnerability management program by identifying technical risks in a variety of technologies and environments including but not limited to SAST/DAST scan results, microservices, container security, vulnerability scans, and baseline security configurations (SCAP).
• Assess, implement, and tune security tools to identify weaknesses and vulnerabilities in systems, applications, microservices, databases, and cloud environments.
• Identify, prioritize, communicate, and mitigate security risks for on-premises and hybrid/multi-cloud environments.
• Produce frequent metrics to measure the efficacy and effectiveness of the program.
• Identify business critical systems and environments including mapping data types in enterprise assets, databases, cloud environments, and applications.
• Work with outside vendors and consultants to identify tools to meet or exceed requirements.
• Define, document, and implement creative solutions to "find a better way."
• Demonstrate good judgment in identifying and solving problems that aligns with team and corporate goals.
• Enforce compliance with company policies and standards.
• Develop baseline controls that align with NIST 800 series standards.

Performance Improvement

• Help the security team to maintain a level of excellence.
• Develop and evaluate performance metrics to establish process success.
• Design, document, and implement procedures and techniques that are consistent with best practices for analyzing and evaluating the risk (software & business), accuracy, completeness, internal integrity/consistency, testability, and overall quality of the system.
• Research emerging technologies and identify opportunities for adoption within vulnerability management and application security.
• Track progress for vulnerability management related processes, and constantly look for ways to make things work better, faster, and smoother.
• Collaborate on and adhere to security engineering standards, methodologies, and sustainable processes.

Qualifications:

• Bachelor's degree in IT discipline or equivalent work experience.
• 5 years of experience within the Information Security space, preferably in a mid-to-large size company. Broadcast experience is a plus.
• 2+ years of experience working with multi-cloud architectures, evaluating security solutions for different cloud deployment models, and securing enterprise cloud-based services.
• Hands-on experience securing microservices, container security and CI/CD pipeline (Kubernetes, Docker), and leveraging IaC to detect vulnerabilities in the SDLC.
• Experience with the "big three" cloud vendors (Amazon Web Service, Azure, Google Cloud Platform).
• Supporting cloud security concepts including testing and implementing security enhancements.
• Professional level security certifications preferred (e.g., CCSP, SSCP, CISSP, CEH, CISM)
• Experience taking ownership of project, enhancement, or other assignments and seeing the process through to completion.
• Working knowledge of network and/or security technologies
• Experience formulating and creating security metrics to show program progression.
• Nice to have - experience with Power BI.
• Other requirements as needed.

If you are local to Hunt Valley, MD this will be a hybrid role. If you are not local, you will be remote and may have to travel to Hunt Valley, MD once per year for a security week.

Sinclair Broadcast Group, Inc. is proud to be an Equal Opportunity Employer and Drug Free Workplace!

About Us

Make your mark in Media with Sinclair Broadcast Group, a diversified media company dedicated to connecting people with content everywhere! We have consistently led the broadcast industry since our inception, and now Sinclair owns the largest regional sports network business and one of the largest television broadcast portfolios in the country. In addition, we have affiliations with all of the major broadcast networks, own Tennis Channel, and several multicast networks including TBD and Comet. Our content is distributed over-the-air, on multi-video providers, and through our industry-leading digital media platforms. We're at the forefront of NextGen technology, enabling innovative new ways to engage with broadcast content like never before. We also recently launched a free TV streaming service called STIRR. Our success is the direct result of our extraordinary employees and management team who believe in our vision and are dedicated to ensuring a great future for our employees. We are advancing the world of Media and want YOU to join our winning team!

About the Team

The life-blood of our organization is our people. We have a compelling story, a goal-oriented culture, and we take really good care of people. How good? Here is a glimpse: great benefits, open door policy, upward mobility and a strong desire to see you succeed. Ready to be part of a winning team? Let's talk.

The base salary compensation range for this role is $100,000 to $113,000. Final compensation for this role will be determined by various factors such as a candidate's relevant work experience, skills, certifications, and geographic location. Full time positions are eligible for benefits that include participation in a retirement plan, life and disability insurance, health, dental and vision plans, flexible spending accounts, 15 paid vacation days, 2 paid personal days, 9 paid holidays, 40 hours of paid sick leave, parental leave, and employee stock purchase plan