Senior Cybersecurity Engineer

Charlotte, NC, United States

Job Description

Hearst Technology, Inc, Information Security Office seeks a Senior Cyber Security Engineer for their Security Operations Team. This role is responsible for strengthening Hearst's cybersecurity posture through analysis, research, and security control validation. The scope of the position's responsibilities includes analyzing security controls across a large ecosystem and building solutions to continuously validate the effectiveness of those controls. This role will help validate Hearst's security posture and reduce the company's overall attack surface.

The Cybersecurity team is multi-faceted and focuses on driving value. Our mission is to establish an integrated program that ensures the overall effectiveness of capabilities that impact information security across business units globally.

Key Responsibilities:

Conduct comprehensive and continuous validations of security controls. Requires analysis of assessments of IT systems, applications, and infrastructure, vulnerabilities, and potential risks.

Develop ways to continuously test the effectiveness of security controls to mitigate identified risks, aligning with industry best practices and regulatory requirements.

Design, build, deploy, and manage an internal certification program to manage the maturity levels of Hearst owned businesses

Stay up to date on emerging security threats and trends, proactively evaluating and recommending necessary tests and countermeasures against those threats and trends.

Where necessary work with threat hunters and penetration testers to conduct vulnerability scans and penetration testing with the goal of identifying and remediating system weaknesses.

Develop and maintain accurate and up-to-date security documentation, including policies, procedures, and risk assessments.

Track and report on key security metrics to measure the effectiveness of security controls and identify areas for improvement.

Collaborate with cross-functional teams as needed.

Participate in the continuous improvement of the organization's information security program, evaluating new technologies and best practices.

Skills & Experience Required: This is a senior level position and requires comfort and experience with disparate technology stacks, manual security work, web application functionality, IT security, and vulnerability and threat management.

Minimum 8 years of experience in either offensive testing (penetration testing, red teaming, etc.), security engineering, security architecture, security analysis, or a combination thereof.

Demonstrated experience planning and executing security tests.

Ability to analyze an architectural document and strategically probe accordingly.

Experience working with various technologies and cloud platforms such as AWS, Azure, O365, GCP, containers, etc.

Understanding of current cyber threat landscape, the different tactics commonly used by adversaries and how one would investigate, contain, and recover against their attacks.

Understanding of database technologies.

Understanding of encryption technologies.

Strong understanding of information security principles, frameworks (e.g., NIST, CIS), and methodologies (e.g., risk assessments, penetration testing).

Proficiency in security assessment tools and technologies (e.g., vulnerability scanners, pen testing tools, etc.).

Other Experience: Strong work ethic with attention to detail.

Demonstrated analytical abilities.

Attention to detail, verbal and written communication, initiative, and motivation to learn.

Strong written/oral communication skills required along with desire and ability to communicate with business leaders through all levels of the organization.

Self-motivated with excellent planning and organizational skills; and the ability to prioritize tasks to meet deadlines and effectively manage changing priorities.

Ability to liaise confidently and professionally with a diverse range of people.

Professional customer orientation with a strong commitment to providing a high standard of customer satisfaction.

Ability to deliver client-ready documentation and participate in relevant client meetings.

Working understanding of project management principles, processes, and documentation.

Able to work across teams effectively and efficiently.

Preferred Education & Experience Preferred: Working knowledge of technologies such as Kali Linux (and included tools), Vulnerability Scanners (Tenable, Qualys, or any related), Application Security testers (Nikto, Invicti, or any related).

Preferred: Professional certifications relevant to necessary security knowledge. Examples are CEH, CPT, GPEN.

Preferred: Bachelor's degree in information technology, computer science, information systems, or equivalent. Years of relevant professional experience are acceptable in lieu of academic credentials.

About Us

Hearst is one of the nation's largest global, diversified information, services and media companies.

Hearst has been innovating for more than a century, leading with purpose, integrity and a culture of care, with a mission to inform audiences and improve lives.

The company's diverse portfolio includes global financial services leader Fitch Group; Hearst Health, a group of medical information and services businesses; Hearst Transportation, which includes CAMP Systems International, a major provider of software-as-a-service solutions for managing maintenance of jets and helicopters; ownership in cable television networks such as A&E, HISTORY, Lifetime and ESPN; 35 television stations; 24 daily and 52 weekly newspapers; digital services businesses; and more than 200 magazines around the world.

Hearst is always moving forward, investing in healthcare solutions to improve patient outcomes and technology that curbs emissions; providing vital analysis, data and software to the global financial services industry; delivering important service and investigative journalism; and inspiring audiences with sports and entertainment programming.

With a commitment to maintaining the highest quality in its products and services, Hearst is dedicated to serving the communities it operates in, both civically and philanthropically.

Hearst is an Equal Employment Opportunity employer. We do not discriminate in hiring on the basis of race, color, national origin, religion, creed, sex or gender, gender identity, gender expression, sexual orientation, age, physical or mental disability, military or veteran status, or any other characteristic protected by federal, state, or local law.