JOB FAMILY SUMMARY: Direct/Manage/Supervise information security function. Develop and implement business plans, policies and procedures to maintain systems, network, database and/or Web security. Oversee the development, implementation and maintenance of information security, including access management, vulnerability assessments, penetration testing, infrastructure and regulatory compliance. Manage reporting, investigation and resolution of data security incidents. Analyze business needs and oversee security architecture, administration and policy planning to lessen possibility of security breach. Provide guidance and direction on best practices for the protection of information. Ensure compliance with regulations and privacy laws. May oversee internal or external systems security (e.g., cloud services). JOB SUMMARY: As a Senior Cybersecurity Engineer, you will lead the Mindbody Cybersecurity team in the implementation and support of the Mindbody Cybersecurity program. This role is expected to have the capability to quickly attain an expert understanding of cybersecurity technologies and controls. Understanding underlying technical concepts and how people, processes and technology converge is critical. MINIMUM QUALIFICATIONS AND REQUIREMENTS:
- Bachelor’s degree or equivalent experience.
- CISSP, CISM or GSEC/GSLC strongly preferred.
- Minimum of 6 years technology and information security experience.
- Strong familiarity with public cloud technologies (AWS/Azure/GCP) and cloud security principles and solutions.
- Strong understanding of networking fundamentals and “How the Internet Works” ™.
- Familiarity with Dev Ops practices and technologies preferred.
- Recommended 2 Years Specific IDS/IPS, SIEM, Vulnerability Management & Remediation Techniques, Data Loss Prevention, Endpoint Protection Platforms or other essential security tooling.
- Experience with or ability to serve effectively on a Cybersecurity Incident Response Team (CIRT).
- Technical expertise in analyzing threat event data, evaluating malicious activity, documenting unusual files and data and identifying tactics, techniques and procedures used by attackers.
- Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.
- An understanding of business needs and commitment to delivering high-quality, prompt and efficient service to the business.
- College level written and verbal communication skills.
- Leadership experience running meetings and preparing/delivering presentations desired.
- Understanding of compliance and security control frameworks including – GDPR, HITRUST, PCI, CSC 18, NIST CSF Core.
PRINCIPAL DUTIES AND RESPONSIBILITIES:
- Strategic planning, deployment and maintenance of a wide variety of security tools and technologies including:
- Vulnerability management solutions.
- SIEM and logging infrastructure.
- Endpoint Protection Platforms (EPP).
- Privileged account access, management, control and monitoring.
- Network security, monitoring and breach detection capabilities.
- Zero trust remote access solutions.
- Support and enforcement of secure Dev Ops processes and tools in public cloud environments.
- Serve as member of the Cybersecurity Incident Response Team (CIRT) and potentially as a CIRT Lead/Incident Commander depending on experience.
- Ongoing response to and management of compliance requirements.
- Responsible for ensuring all Mindbody entities and business units are integrated into security platforms and toolsets per Mindbody policies, standards and guidelines.
- Responsible for front line management of security vendor relationships.
- Responsible for serving as a cybersecurity consultant to internal customers and business unit leaders.
WORK ENVIRONMENT AND PHYSICAL DEMANDS:
- Dexterity of hands and fingers to operate a computer keyboard.
- This position is mostly stationary and will be required to remain stationary for extended periods of time.
- Specific vision abilities required by this position include close vision, color vision and the ability to adjust focus.
- The noise level in the work environment is usually moderately quiet.
- Ability to travel to remote MB locations, conferences and training as needed.
SCOPE OF SUPERVISION/AUTHORITY Individual Contributor: Duties are performed under limited supervision. Often responsible for planning and organizing their own work, which may or may not be directly related to general business operations of the company or its customers. Will receive training and guidance from manager as needed. Individual contributors may be required to regularly exercise discretion and independent judgment with respect to matters of significance depending on the nature of the position. No direct management responsibility.