Insulet Corporation

  • Enterprise Cyber Security Engineer

    Job Locations US-MA-Billerica | US-MA-Billerica
    Posted Date 3 months ago(3/27/2018 10:16 AM)
    Category
    Information Technology
  • Position Summary

    The Enterprise Cyber Security Engineer will be responsible for defining and delivering cyber security engineering services in support of Insulet’s Infrastructure, Network, and Endpoint technologies. This is a truly cross functional position that will interface with business users and corporate IT with the goal of driving the continuous maturity of Insulet’s enterprise cyber security program.

    Responsibilities

    • Provide managed and repeatable enterprise cyber security engineering services in support of Insulet’s infrastructure, network, and endpoint technologies
    • Interfacing with the Systems and Network Engineering team, support a secure corporate infrastructure:
      • Maintenance and scaling of Identity and Access Management (SSO and MFA) technologies across all corporate systems
      • Support continuous patch management initiatives
      • Support Privileged Account Management (PAM) technologies
      • Lead continuous vulnerability assessment program
      • Lead ad-hoc cybersecurity penetration testing efforts
      • Lead Infrastructure and corporate systems asset management
      • Development and maintenance of secure system threat models for all enterprise architectures (cloud, hybrid, and on prem)
      • Support network segmentation of traffic and principle of least access initiatives
      • Support secure wireless management
      • Support data classification program and technologies
    • Interfacing with the Global production support team, support secure endpoints (Windows, iOS, Mobile):
      • Integrate managed Security Operations Center (SOC) incidents with ServiceNow SecOps
      • Tier 2+ support and analysis of all security incidents
      • Lead continuous end point cyber security efforts (secure build, endpoint protection, permissions management, next gen AV, endpoint monitoring)
      • Maintenance and scaling of MDM technologies for corporate endpoints as well as BYOD devices
      • Lead endpoint and user application asset management
      • Development of information security metrics
    • Interfacing with Security Leadership and IT Risk:
      • Lead 3rd party risk management platform
      • Ensure compliance with all regulatory, audit, security, and risk management requirements (HIPAA, Sarbanes Oxley 404, GxP, GDPR, etc.)
      • Development and maintenance of enterprise cyber security risk registers
      • Evaluate and document vendor software solutions, especially technical integrations to confirm they meet corporate and technology security standards and guidelines
    • Evaluation and documentation of cybersecurity posture of corporate systems by leveraging standard and repeatable procedures informed by industry best practice guidance (NIST Cybersecurity Framework, NIST Risk Management Framework, NIST 800-53, NIST 800-63, NIST 800-64, NNIST 800-124, NIST 800-125, NIST 800-125b, NIST 800-128, NIST 800-144, NIST 800-153, NIST 800-177, NIST 800-179, ISO 2700x, etc.)
    • Provide innovation and creativity to mitigate business or technical cyber security issues.

    Education and Experience

    • Knowledge of web and mobile application architecture patterns, concepts, distributed environments, and database technologies.
    • Strong communication and interpersonal skills. Ability to communicate ideas clearly and efficiently across technical and non-technical audiences, displays active listening skills, and communicates effectively and efficiently.
    • Ability to prioritize multiple tasks and develop innovative solutions to meet project expectations without compromising good design.
    • Ability to create architecture and data flow diagrams.

     Knowledge / Education

    •  Bachelor’s degree or higher, or substantial verifiable experience in one or more of the following areas:
      • Secure systems engineering
      • Secure network engineering
      • Relevant Military Service Positions (Army 17c, Army 25d, Army 255s, Air Force 1b4x, Navy Cryptologic Technician)
    • Relevant security certifications (CISSP, SCP, GSEC, CompTIA, etc.) a plus
    • Relevant IT certifications (AWS, Microsoft, VMWare, ITIL etc.) a plus

    Job Experience

    • Systems Engineering
    • Network Engineering
    • Network penetration testing
    • NOC or SOC experience highly desirable
    • CRM and data integration experience a plus
    • IAM experience a plus

    Skills/ Competencies

    • Strong understanding of encryption, cryptography, and secrets (key) management
    • Cloud Compute Infrastructure (AWS, Azure)
    • Security Threat Modeling

     Travel / Schedule

    • Up to 10% Global travel possible

     

    Options

    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share on your newsfeed