Cyber Security Engineer
Date ActiveJul 5, 2021 12:00:00 AM
Hours Per Week40
Location436 Slater Road-HF308
Job Description/ Requirements
Since 1935, Webster Bank has been helping individuals, families and businesses meet their financial goals. As a leading regional bank, Webster's strong foundation is built on our core values of responsibility, respect, teamwork, trust and commitment to our communities. Webster bankers remain our most valuable asset, and we pride ourselves on our diverse, equitable and inclusive work environment. Come join our team!
The Cyber Security Engineer will directly support the VP of Security Architecture & Engineering and is responsible for providing the highest quality Cyber and Information Technology (IT) security solutions to Webster Bank associates and customers. The primary functions for this position include identifying threats and vulnerabilities in systems and software, then applying their skills to develop and implement high-tech solutions to defend against hacking, malware and ransomware, insider threats and all types of cybercrime.
MAJOR DUTIES & RESPONSIBILITIES
Developing/engineering secure, trusted systems. Performing assessments and penetration testing. Managing security technology and audit/intrusion systems. Developing and fielding secure network solutions to protect against advanced persistent threats.
- Ensure the value of each security tools is being realized by maturing capabilities and features
- Ensure security tools are updated and properly deployed within the environment
- Ensure that existing network security systems within environment comply with company security policies, standards, and procedures.
- Ensure that all bank technology initiatives and projects are implemented in a secure manner.
Implement technical solutions for requirements supporting GLBA, SOX, FISMA, ISO, PCI, and HIPAA
Recommend and coordinate the application of fixes, patches, and disaster recovery procedures in the event of a security breach
- Conduct risk assessments, diagnose internet/extranet security issues, intrusion attempts, cyber-crime response, assist in responses to external audits, penetration tests, and vulnerability assessments
- Research emerging technologies in support of security enhancement and development efforts
- Continuously identify gaps in security program coverage.
- Demonstrates compliance with all bank regulations for assigned job function and applies to designated job responsibilities -- knowledge may be gained through coursework and on-the-job training.
- Follows all bank policies and procedures, compliance regulations, and completes all required annual required or job-specific training.
- Actively learns, demonstrates, and fosters the Webster corporate culture in all actions and words.
- Takes personal initiative and is a positive example for others to emulate.
III. EDUCATION, EXPERIENCE & SKILLS
- Bachelor's degree in a related field required.
- 10+ years of professional IT experience.
- 3+ years of professional Information/Cyber Security Experience
- Strong experience and detailed technical knowledge in security engineering, system and network security, authentication and security protocols, cryptography, and application security
- Superior communication and analytical skills.
- One Information/Cyber Security professional certification (SANS, CCIE Security, CCNP Security, CCNA Security or comparable).
- Secure coding practices, ethical hacking, and threat modeling
- Experience in public cloud IaaS such as AWS and Azure
- Knowledge of secure CI/CD pipeline or DevSecOps
- Proficiency in Python, C++, Java, Ruby, Node, Go and/or Power Shell
- IDS/IPS, penetration and vulnerability testing
- Firewall and intrusion detection/prevention protocols
- Windows, UNIX, and Linux operating systems
- Virtualization technologies
- MySQL/MSSQL database platforms
- Identity and access management principles
- Application security and encryption technologies
- Secure network architectures
- Subnetting, DNS, encryption technologies and standards, VPNs, VLANs, VoIP and other network routing methods
- Experience with advanced persistent threats, phishing and social engineering, network access controllers (NAC), gateway anti-malware and enhanced authentication