Cyber Security Engineer

Position Overview

Core Competencies: Within Harris Williams IT, The Cyber Security Engineer will be a primary member of the IT security team, bringing clarity and technical focus to our enterprise defense efforts. It will partner across HW internal teams and our SOC to strengthen our security program and posture, and help accelerate our ability to detect, contain and respond.

Job Description

Core Responsibilities:

• Use an effective, repeatable process to capture, prioritize, and remediate security issues / workload
• Protect and defend HW systems and resources, examining configurations and security of server, endpoint, mobile and application assets – on prem and cloud-based
• Partner with the HW IT and SOC teams to actively detect and respond to observed events, and analyze opportunities for security coverage enhancements and automation
• Leverage expertise in security technologies, tactics and protocols to rapidly isolate and remediate high interest events across the HW environment
• Build and implement a structured framework for assessing criticality of assets and potential impact of threats / exploits / events, consistent rating model for analysis and action
• Aggregate system logs to increase security threat visibility, automating into a streamlined event set where able
• Perform ongoing security operations to ensure system health, vulnerability management and version currency
• Ongoing ownership and evolution of our incident response capability, playbooks and analytic dashboards
• Assist and lead the execution of security projects / implementations as defined
• Involvement with cyber intelligence partners to operationalize threat information into SOC and HW security toolsets
• Perform security administration (access, configurations, rulesets, general hardening) as needed
• Develop and maintain operational documentation, procedures and configuration management

Job Specific Competencies, Education & Experience:

• High degree of professionalism, organization, proactivity and curiosity
• Passion for technology and innovation and a keen focus on ensuring an exceptional customer experience
• Ability to work across matrixed teams to effectively itemize, prioritize and deliver workload
• Relevant security administration and/or security certifications (Security+, CISSP, GSEC, OSCP, GISF, GCFE, GNFA)
• 3+ years’ experience in:
  • Secure system configuration best practices for server, endpoint, application, email and web layers
  • Employing structured cyber security frameworks (KillChain, ATT&CK, NIST CSF) to improve capabilities
  • Actively using endpoint security tools (CrowdStrike, TrendMicro, Carbon Black, Symantec)
  • Deploying and managing advanced security technologies (DLP, MS AIP, zScaler)
  • Using vulnerability scanning tools to identify patches and updates needed (Tenable, Rapid7, Qualys)
  • Inspection and analysis of system and security event logs
  • Evaluating and securing third party and IaaS / PaaS / SaaS commercial offerings
  • Authentication / active directory / SSO technologies, federation services
  • Experience with enterprise SIEM and logging platforms (Splunk, Elastic stack, AlertLogic)
  • Working w application transport and network infrastructure protocols (SSL/TLS, DNS, DHCP, WINS, NTP, FTP, HTTP, SMTP, CIFS, LDAP, and Microsoft AD) and their relationship to user applications

In order to be considered, you must be able to work in the U.S. without sponsorship.

This description reflects the core activities of the role but is not intended to be all-inclusive and other duties within the group/department may be required in addition to changes in the emphasis of duties as required from time to time.

Competencies

Analytical Thinking – Knowledge of techniques and tools that promote effective analysis and the ability to determine the root cause of organizational problems and create alternative solutions that resolve the problems in the best interest of the business.

Effective Communications – Understanding of effective communication concepts, tools and techniques; ability to effectively transmit, receive, and accurately interpret ideas, information, and needs through the application of appropriate communication behaviors.

Information Security Management – Knowledge of and the ability to manage the processes, tools, techniques and practices for assuring adherence to standards associated with accessing, altering and protecting organizational data.

Information Security Technologies – Knowledge of technologies and technology-based solutions dealing with information security issues.

IT Environment – Knowledge of an organization's IT purposes, activities and standards; ability to create an effective IT environment for business operations.

IT Standards, Procedures & Policies – Knowledge of and the ability to utilize a variety of administrative skill sets and technical knowledge to manage organizational IT policies, standards, and procedures.

Knowledge of Organization – Knowledge of the organization's vision, structure, culture, philosophy, operating principles, values, and code of ethics; ability to apply this understanding appropriately to diverse situations.

Problem Solving – Knowledge of approaches, tools, techniques for recognizing, anticipating, and resolving organizational, operational or process problems; ability to apply this knowledge appropriately to diverse situations.

Work Experience

Roles at this level typically require a university / college degree. Higher level education such as a Masters degree, PhD, or certifications is desirable. Industry relevant experience is typically 8+ years. Specific certifications are often required. In lieu of a degree, a comparable combination of education and experience (including military service) may be considered.

Education

Bachelors

Disability Accommodations Statement:

The PNC workplace is inclusive and supportive of individual needs. If you have a physical or other impairment that might require an accommodation, including technical assistance with the PNC Careers website or submission process, please call 877-968-7762 and select Option 4: Recruiting or contact us via email at pathfinder@pnc.com.

The Human Resources Service Center hours of operation are Monday - Friday 9:00 AM to 5:00 PM ET.

Equal Employment Opportunity (EEO):

PNC provides equal employment opportunity to qualified persons regardless of race, color, sex, religion, national origin, age, sexual orientation, gender identity, disability, veteran status, or other categories protected by law.

California Residents

Refer to the California Consumer Privacy Act Privacy Notice to gain understanding of how PNC may use or disclose your personal information in our hiring practices.