Security Engineer ( 597760-1C )
When you join Verizon
Verizon is one of the world’s leading providers of technology and communications services, transforming the way we connect across the globe. We’re a diverse network of people driven by our shared ambition to shape a better future. Here, we have the ability to learn and grow at the speed of technology, and the space to create within every role. Together, we are moving the world forward – and you can too. Dream it. Build it. Do it here.
What you’ll be doing...
The Verizon Corporate Information Security (CIS) organization enables the business by protecting assets and information across Verizon networks, infrastructure, and applications. CIS integrates cybersecurity governance, policies, technologies and operations across Verizon, and works to incorporate security into the design of technology systems and services.
Security Engineering’s mission is to provide control-driven process and technology assessments along with recommendations to reduce risk by protecting our network, endpoints, and data. The team acts as a bridge between our key business partners and our security architecture and information risk functions to find mitigating solutions that allow our business to move forward with innovation while reducing risk to an acceptable level.
We are looking for a Security Engineer to join our team and assist with various projects, reviews, and assessments as well as participate in standard workload handling within the Security Engineering organization. This activity could include:
- Firewall request review and approval. This entails ensuring security policies, best-practices, and rules of least-privilege are adhered to.
- Review/process various security exception requests. Examples could include proxy requests, USB exceptions, etc.
- Oversee and partner with potential managed resources on various security request processing activity.
- Perform security engineering reviews and technical consultation for various projects and initiatives.
- Work with internal and external stakeholders to understand business requirements and deliver secure solutions that support IT and business objectives.
- Analyze and identify risks in network and system designs and communicate with stakeholders to address the risk and drive a solution.
- Provide technical assessment of control deployments, providing control implementation guidance, and mitigating control solutions where/when necessary.
- Provide services that follow accepted best practices in security, recognizing changes in threat vectors.
- Work with engineering and operational teams to deploy and integrate security infrastructures based on understanding of the risk within the Verizon enterprise.
- Make informed decisions on matters of risk and security engineering approach that reflect your information security experience and industry best practices.
- Process various requests, reviewing through the lens of security best practices, least privilege, compensating controls, and needs of the business.
Where you'll be working...
This role will be based out of any of the locations listed in the posting. In this role, you'll have a defined work location that includes work from home and assigned office days set by your manager
What we’re looking for...
You'll need to have:
- Bachelor’s degree or four or more years of work experience.
- Four or more years of relevant work experience.
- Experience in security disciplines including endpoint and platform protection (Windows, Mac, mobile, UNIX/Linux), network protection, and data protection.
- Willingness to travel.
Even better if you have one or more of the following:
- Bachelor’s degree in information technology or cyber security.
- Certifications: CISSP, CCSP, CISM/CISA, AWS, Cisco, or other security or technical certifications.
- Demonstrated knowledge of cybersecurity risk, compliance, and governance management concepts, cybersecurity frameworks, and security technologies.
- Experience with NIST CSF and functions Identify, Protect, Detect, Respond, and Recover.
- Demonstrated understanding of cyber risks and implementing mitigation plans.
- Experience with Endpoint Protection methodologies like MDM, CIS/STIG hardening, security agents, vulnerability management.
- Experience with Network Protection methodologies like tiered-architecture, segmentation, firewalls, IDS/IPS, proxies, remote connectivity, Zero Trust.
- Experience with Data Protection methodologies like encryption, obfuscation, masking, tokenization.
- Experience in web and/or mobile application assessments.
- Experience with the transformation of traditional data center security measures into hybrid and cloud deployment (AWS, GCP, Azure).
- Understanding of tools and techniques used by attackers to gain entry into corporate networks, including common IT system flaws and vulnerabilities (knowledge of threat landscapes and threat modeling).
- Strong communication and written documentation skills.
- Ability to handle multiple priorities in a fast paced, dynamic environment.
Equal Employment Opportunity
We're proud to be an equal opportunity employer - and celebrate our employees' differences, including race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, and Veteran status. At Verizon, we know that diversity makes us stronger. We are committed to a collaborative, inclusive environment that encourages authenticity and fosters a sense of belonging. We strive for everyone to feel valued, connected, and empowered to reach their potential and contribute their best. Check out our diversity and inclusion page to learn more.
COVID-19 Vaccination Requirement
NYC candidates: Verizon requires new hires to be fully vaccinated against COVID-19 for onsite and hybrid NYC roles. Verizon provides reasonable accommodations consistent with legal requirements (e.g., for medical or religious reasons). Additional information will be provided during the hiring process.