OVERVIEW
Starting wage is based on a number of factors including, but not limited to, the position being offered, location, education, training, and/or experience. Construction Resources offers additional competitive and non-financial benefits.

The Senior Security Engineer will be responsible for designing, implementing, and maintaining a security program including risk management processes and security measures that protect the company’s systems, networks, and data. The Senior Security Engineer will work closely with other IT and security professionals to ensure that the organization’s assets are secure and compliant with relevant regulations.

JOB DESCRIPTION
Key Performance Indicators:

• Information Security Program Design, Implementation, and Maintenance
• Cyber Incident Response
• Vulnerability Management
• Security Compliance
• Security Awareness Training
• Risk Management
• Identify and Access Management
• Cloud Security
• Continuous Improvement of Security Posture

Responsibilities:

• Design and implement secure architecture for applications and infrastructure (onsite and in the cloud).
• Develop and maintain security policies, standards, and guidelines.
• Work with enterprise systems team to develop and implement code scanning into the CI/CD pipelines.
• Implement vulnerability security testing tools and frameworks.
• Conduct threat modeling and risk assessments.
• Assist in assessing readiness and in passing compliance audits for applicable data protection laws and regulations (i.e., PCI, DSS)
• Assess gaps in security practices and propose appropriate solutions.
• Collaborate with development, operations, and IT teams to promote security best practices, including service level agreements, availability, continuity, system security, documentation, technology adoption, and planning.
• Advocate for security within the organization.
• Participate in the preparation and execution of cyber security incident response plans, exercises, and events.
• Assist in preparing and exercising resilience, incident response, business continuity, and disaster recovery plans.
• Support Security Awareness Program.
• Manage annual third-party penetration testing and findings to remediation.
• Build and participate in a third-party risk management program.
  • Perform vendor and partner risk assessments.
• Perform security audits on applications and infrastructure.
• Perform other security projects as needed.
• Stay updated with the latest security trends, threats, and technologies.

Basic Qualifications:

• Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or related field.
• Minimum of 10 years as a security engineer or similar role.
• Strong understanding of network security, cryptography, and secure coding practices.
• Experience with security protocols and technologies, including SSL/TLS, VPNs, and multi-factor authentication (MFA).
• Relevant security certifications (CISSP, CEH, OSCP).
• Exposure in scripting languages (e.g., Python, Bash) for automation and security tool integration.
• In-depth knowledge of security best practices and frameworks (e.g., OWASP, NIST).
• Experience with Azure cloud security or similar cloud platforms.
• Familiarity with security tools and technologies, such as firewalls, IDS/IPS, SIEM, and antivirus software/EDR.
• Excellent problem-solving and analytical skills.
• Effective communication and people skills.

Preferred Qualifications:

• Master’s degree in Cybersecurity, Computer Science, Information Technology, or related field.
• Knowledge of regulatory requirements and standards, such as ISO 27001, NIST, and GDPR.

BENEFITS
Medical
Dental
Vision
Employer Paid Basic Employee Life and AD&D Insurance
Employer Paid Long Term Disability
Flexible Spending Accounts
Voluntary Short-Term Disability
Voluntary Life and AD&D Insurance
Voluntary Accident Insurance
Voluntary Critical Illness Insurance