Senior Security Engineer
Hexcel
- Salt Lake City, UT
- Permanent
- Full-time
- Researches, designs, and implements information security solutions for organization systems and products that comply with all applicable security policies and standards.
- Works with IT and internal and external business partners to ensure that security is factored in the evaluation, selection, installation and configuration process of hardware and software.
- Analyzes and makes recommendations to improve network, system, and application architectures. Perform routine scans of network and infrastructure systems and report summary results to management.
- Examines network, server, and application logs to determine trends and identify security incidents.
- Assists in the review and update of information security policies, architectures, and standards
- Assists in responding to audits, penetration tests and vulnerability assessments.
- Assist Infrastructure and Applications teams to remain compliant with cyber / information security policy and practices.
- Participation in Hexcel’s information security governance structure including alignment with the Corporate Risk program, IT Governance Committee and IT Leadership team.
- Development and ongoing operation of an Information Security Management System encompassing required aspects of the ISO 27000 standard, NIST 800 / CMMC and SOX frameworks.
- Manage and contain information security incidents and events to protect Hexcel assets.
- Cybersecurity specific certifications such as CISSP (Certified Information Systems Security Professional and/or CISM (Certified Information Security Manager) preferred.
- Technical expertise in network security knowledge, to include VPN, Firewall, network monitoring, intrusion detection, web server security, and wireless security.
- Strong knowledge of common vulnerabilities and exploitation techniques.
- Direct experience with Microsoft and other cybersecurity tools, monitoring systems and alert frameworks.
- Demonstrated experience implementing and managing security policies and systems within a manufacturing environment.
- Excellent verbal and written communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and non-technical audiences at various levels within the organization.
- Sound knowledge of business management and a working knowledge of information security risk management and cyber technologies.
- Proven track record and experience in developing information security policies and procedures as well as successfully executing programs that meet high corporate standards for execution.
- Ability to influence teams and decisions in situations where no formal reporting structures exist but achieving desired outcomes is vital.
- High degree of initiative, dependability and ability to work with little supervision while being resilient to change.