CBTS serves enterprise and midmarket clients in all industries across the United States and Canada. CBTS combines deep technical expertise with a full suite of flexible technology solutions--including Application Modernization, Managed Hybrid Cloud, Cybersecurity, Unified Communications, and Infrastructure solutions. From developing and deploying modern applications and the secure, scalable platforms on which they run, to managing, monitoring, and optimizing their operations, CBTS delivers comprehensive technology solutions for its clients' transformative business initiatives. For more information, please visit www.cbts.com.
OnX is a leading technology solution provider that serves businesses, healthcare organizations, and government agencies across Canada. OnX combines deep technical expertise with a full suite of flexible technology solutions—including Generative AI, Application Modernization, Managed Hybrid Cloud, Cybersecurity, Unified Communications, and Infrastructure solutions. From developing and deploying modern applications and the secure, scalable platforms on which they run, to managing, monitoring, and optimizing their operations, OnX delivers comprehensive technology solutions for its clients’ transformative business initiatives. For more information, please visit www.onx.com.
Security Engineer II
Job Purpose:
100% customer-facing position with the mission of managing technical security controls and effectively managing and communicating vulnerabilities, exploits, and incidents to the appropriate operations teams, while meeting internal service levels and managing customer risk. The primary purpose is to provide day-to-day operational support of the client's security infrastructure, or day-to-day monitoring, management, and response to security events.
Essential Functions:
- 75% - Perform day-to-day management of the security infrastructure within their area of expertise and/or perform incident/event/detection response and analysis of security events in the enterprise.
- 10% - Participate in and/or own project improvement efforts, including infrastructure upgrades, automation development, and implementation/testing of new systems, processes, techniques, documentation, etc., directly related to the team's goals and effectiveness.
- 10% - Interact routinely with technology team leadership (i.e. senior security engineer and/or Team Lead).
- 5% - Assist with the documentation of procedures for security infrastructure within their area of expertise.
Experience:
3 to 5 years of experience in senior-level roles such as IT Security Engineer, Cyber-Security Analyst, Cyber-Intelligence Analyst, Security Systems Engineer, or Security Analyst.
Education:
Two years of College or Technical School resulting in an Associate's Degree or equivalent.
Certifications, Accreditations, Licenses:
One or more of the following certifications dependent on the actual role:
- GIAC/SANS certifications - GCIH, GCIA, GCFE, GCFA, GREM, GSEC
- ISC2 – CC, SSCP, CCSP, CISSP
- CompTIA Security+, Akamai Security, Microsoft, Linux technical certifications
Key Responsibilities:
- Oversee the deployment, configuration and ongoing management of the Insider Threat and Endpoint DLP solutions. Ensure platform scalability, performance optimization and high availability across the enterprise.
- Support and assist the insider threat team with gaps identified during investigations by analyzing alerts and logs generated by the Insider Threat and Endpoint DLP solutions.
- Support and assist with policy development & refinement for rulesets. Customize configurations based on evolving organizational needs and threat landscapes.
- Work closely with the Digital Technology, Cyber Defense Operations, and Compliance teams to align the platform’s capabilities with business and regulatory requirements. Provide technical leadership and mentorship to junior team members.
- Integrate platform solutions with other Cybersecurity tools such as SIEM, SOAR and EDR/XDR platforms.
- Monitor platform health and proactively address potential issues. Generate and present detailed health reports and platform performance metrics to stakeholders.
- Automate repetitive tasks to enhance efficiency and streamline operations.
- Collaborate with stakeholders to understand business requirements and design the Proofpoint email security solution. This includes configuring email security policies, threat intelligence, and data loss prevention (DLP) rules.
- Manage and maintain the Proofpoint environment, including system upgrades, patching, and policy tuning. Monitor system health, performance, and availability to ensure optimal operation. Troubleshoot and resolve any issues that arise.
- Play a key role in incident response activities related to email security incidents. Investigate and analyze security events, identify root causes, and implement preventive measures to mitigate future threats.
- Develop and enforce email security policies, rules, and filters to protect against spam, malware, phishing, and other email-borne threats. Continuously assess and refine policies based on evolving threat landscapes and business requirements.
- Stay up to date with the latest email security threats, vulnerabilities, and industry best practices. Conduct research and analysis to proactively identify emerging threats and propose appropriate mitigation strategies.
- Maintain accurate documentation of the Proofpoint environment, configuration settings, and procedures. Prepare regular reports on system performance, security incidents, and mitigation efforts for management and stakeholders.
- Engage with Proofpoint support and product teams to escalate and resolve technical issues, coordinate product updates, and provide feedback on product enhancements and feature requests.
Special Knowledge, Skills, and Abilities:
- Must be a team player.
- Experience with one or more enterprise host protection systems, enterprise vulnerability management, network security tools such as IPS/IDS, and/or experience with attack tactics, techniques, and procedures used by APT, cyber crime, and other associated threat groups.
- Expertise in endpoint security, data loss prevention and insider threat management.
- Deep understanding of networking concepts, endpoint security and threat detection techniques.
- Strong knowledge of SaaS solutions and cloud-native security architectures.
- Proficient in integrating security platforms with other Cyber security applications.
- Extensive experience in designing, deploying, and managing Proofpoint email security solutions.
- Strong knowledge of email security protocols and standards (e.g., SMTP, SPF, DKIM, DMARC) and email authentication mechanisms.
- Proficiency in configuring and managing Proofpoint products, including Email Gateway, TAP, ATP, and Encryption solutions.
- In-depth understanding of email security threats, including phishing attacks, spam, malware, and data exfiltration techniques.
- Familiarity with email security-related regulations and compliance standards (e.g., GDPR, HIPAA).
- Strong demonstrated skills in one or more enterprise-level OS environments including Microsoft Windows, Linux, or Unix.
- Understanding of network communications (TCP/IP, Ethernet, WAN/LAN technologies).
- Previous CIRT experience with a targeted (APT) and crimeware threat program.
- Knowledge of information security threat types, their composition, and IOCs.
- Dynamic malware analysis experience.
- Knowledge of attacker tactics, techniques, and procedures (TTPs) used by the APT, Cyber Crime and other associated threat groups.
- Knowledge of computer security incident investigation and response.
- Experience analyzing common types of attacks (cybercrime, APT, etc.).
- Experience with Splunk or similar Log analysis tools and experience reviewing security events.
- Experience reviewing, analyzing, and providing reporting on ongoing Intel gathering from various classified, sensitive, as well as open-source intelligence sources.
- Deep internal knowledge of the MS Windows operating system, file system, registry, processes, and communications as well as collection and analysis techniques.
- Knowledge of intrusion analysis, network, and host forensics.
- Scripting experience is a plus (Python, Perl, Ruby, etc.).
- Additional working knowledge of Akamai WAF, AWS Security, or CrowdStrike is a plus.
- ITSM - Incident / Problem / Change / Request Management experience (ServiceNow preferred).
- Excellent problem-solving skills and the ability to identify, troubleshoot, and resolve complex configuration or security challenges.
- Strong interpersonal skills with the ability to work effectively with cross-functional teams, including IT, DevOps, Security, and Compliance.
- Strong organizational skills and attention to detail.
- Ability to work independently and manage multiple priorities and projects simultaneously in a fast-paced environment with changing priorities.
- Good verbal and written communication skills.
Supervisory Responsibilities:
No Supervisory Responsibility
Due to U.S. Government requirements applicable to foreign-owned telecommunications providers, non-US citizens may be required to submit to an extensive government agency background check which will necessitate disclosure of sensitive Personally Identifiable Information.