AEG Job Board

Discover career opportunities in the AEG Sponsor network

Principal Cyber Security Engineer

Constellation Energy

Administration
Point, TX, USA · Baltimore, MD, USA · United States
Posted 6+ months ago

COMPANY OVERVIEW

As the nation's largest producer of clean, carbon-free energy, Constellation is a company purpose-built to meet the challenges of the climate crisis. Constellation has been the leader in clean energy production for more than a decade and we are growing our company and capabilities. Now, we're accelerating, speeding our low-carbon or no-carbon power to more people in more places, day and night, providing our customers and communities with options to buy, manage and use energy as part of their decarbonization mission. The race is on to confront the climate crisis and Constellation is ready to meet the challenge. Come join us as we lead energy, together.


TOTAL REWARDS

Constellation offers a wide range of benefits and rewards, designed to help our employees thrive professionally and personally. In addition to highly competitive salaries, we offer a bonus program, 401(k) with company match, employee stock purchase program; comprehensive medical, dental and vision benefits, including a robust wellness program; paid time off for vacation, holidays and sick days; and much more.

Expected salary range of $161,100 to $179,000, varying based on experience, along with a comprehensive benefits package that includes bonus and 401(k).

PRIMARY PURPOSE OF POSITION

The Principal Security Engineer possesses both a deep knowledge of current and planned security technologies across the enterprise and a keen understanding of the day-to-day monitoring operations performed by the Cyber Security Operations Center (CSOC) Analysts and Threat Hunting Team. The Principal Security Engineer role acts as a conduit between the CSOC Analysts, Threat Hunters, Security Engineering, and Security Architecture Teams, enabling the IT Cyber department to ensure it is focusing on the right mix of security technologies to enhance visibility and enable monitoring use cases necessary to keep pace with both the company's evolving technical environment and the constantly changing threat landscape in which it operates. This role must have an in-depth understanding of network infrastructure, firewalls, intrusion detection systems, Security Information and Event Management (SIEM), Endpoint Detection and Response (EDR) technologies and how they strategically intersect with business requirements. Operate independently with little or no supervision.

PRIMARY DUTIES AND ACCOUNTABILITIES

  • Works with Constellation Security Engineering and Security Architecture Teams to develop a thorough understanding of Constellation's evolving computing environment, and the security technologies required to secure it.
  • Reviews current security product roadmaps and helps evaluate new projects with a risk-based approach to determine where they should fit into existing monitoring strategies.
  • Maintains a map of current security solutions to Constellation's network and application architecture and maps that against MITRE or other applicable standards to identify gaps and help create projects for continuous improvement.
  • Examines existing and new security solutions, alerts, and data for new detection use cases, and advises CSOC Managers, Analysts and Threat Hunters on their use for monitoring.
  • Supports CSOC Analysts on enhanced monitoring and blocking strategies during emerging events or incidents.
  • Using the information above, provides insight to any teams required to respond to auditors, governmental inquiries, etc. about Constellation's security monitoring solutions.
  • Provides coaching/mentorship for IT personnel. Participates in career development and recognition activities. Promotes diversity, equity, and inclusion and fosters teamwork, collaboration, and a learning organization.

MINIMUM QUALIFICATIONS

  • Bachelor's Degree in Computer Science, Information Technology (IT), or a related discipline, and 8 to 10 years of solid, diverse experience in Cyber Security Engineering and Incident Response, or equivalent combination of education and work experience.
  • Ability to demonstrate analytical skills, technical knowledge, and practical application of cyber and information security principles to business leaders and technical staff.
  • Knowledge of enterprise security solutions (Boundary, Endpoint Detection and Response, Security Information and Event Management, IT services management and Cloud, etc.).
  • Knowledge of how network services and protocols interact to provide network communications.
  • Knowledge of incident categories, incident responses, and timelines for responses.
  • Experience supporting projects, planning, maintenance and operations.
  • Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions via intrusion detection technologies.
  • Knowledge of what constitutes a network attack and the relationship to both threats and vulnerabilities.
  • Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution).
  • Knowledge of basic system administration, network, and operating system hardening techniques.
  • Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
  • Knowledge of an organization's information classification program and procedures for information compromise.
  • Knowledge of OSI model and underlying network protocols (e.g., TCP/IP, Dynamic Host Configuration Protocol [DHCP]), and directory services (e.g., Domain Name System [DNS]).

PREFERRED QUALIFICATIONS

  • Graduate degree in cyber security or related area of expertise.
  • Direct experience in network security (SOC, SIRT, CSIRT) investigating targeted intrusions through complex network segments.
  • Demonstrated skill of identifying, capturing, containing, and reporting malware.
  • Demonstrated skill in performing damage assessments.
  • Skill in using security event correlation tools.
  • Demonstrated knowledge of cyber defense policies, procedures, and regulations.
  • One or more of the following: GIAC Certified Intrusion Analyst (GCIA), GIAC Certified Incident Handler (GCIH), CISSP or SSCP designation.
  • Knowledge of NERC CIP-based systems and compliance-based technical architecture.
  • Knowledge of general attack stages (e.g., footprinting and scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
  • Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).