Sirius XM Radio Inc. Senior Engineer, Information Security in New York, New York
Senior Engineer, Information Security
Type of Position
Location: New York, NY
The Senior Information Security Engineer, reporting to the Sr. Director of Information Security, is responsible for supporting the execution of the Enterprise Security Operations Platform. In particular, this role will focus on the administration and management of a suite of information security countermeasures and associated processes, and providing internal security consulting for business units throughout the Enterprise.
This position is a hands-on information security position responsible for working with members of the technology teams, including technology operations and Development teams, to identify, prioritize, and reduce information security risks in a cost-effective way. In addition to assuring the proper level of focus and controls exist in the right areas, the position will also provide support for web application and web services security, vulnerability scanning/detection utilizing enterprise vulnerability management tools, Data Loss Prevention, security monitoring, and incident response activities.
Duties and Responsibilities:
Serves as information security subject matter expert for infrastructure, connected vehicle services, streaming, and systems and network security.
Responsible for supporting the information security program and performance of relevant information security engineering and testing activities.
Collaborates with business owners, product/systems engineers, and operational personnel to understand business priorities and goals, company culture, and processes to identify information security risks; works with teams to recommend and help implement solutions and/or mitigating controls
Performs security threat modeling to determine appropriate security controls
Expedites neutralization of threats that pose immediate danger to the confidentiality, integrity, and availability of information assets
Identifies singular and compound vulnerabilities across operating systems, databases, network infrastructure, and applications
Provides technical design, documented guidelines and implementation support of security controls for servers, workstations, network devices, multi-function devices, mobile computing platforms, and applications
Actively tracks vulnerability findings and status of remediation, driving toward resolution
Validates the continued and proper placement, operation, and tuning of security instrumentation, including vulnerability scanners, intrusion detection sensors, DLP, security log monitoring/correlation tools, file integrity monitoring solutions, and other security-relevant controls by monitoring the IT security operations groups and their activities
Provides routine status and metrics for information security to the Director of Operations Security
May perform daily and alert-based monitoring of information security events and initiate response procedures in accordance with established processes
May perform routine and ad-hoc information security vulnerability scanning and testing to identify risks to information assets; escalate and expedite resolution/mitigation of vulnerabilities deemed high/critical severity
Helps raise awareness of information security in the company and provides holistic guidance on information security
Supports PCI/PII and other regulatory-related activities and remediation
There are no supervisory responsibilities associated with this job.
7+ years hands-on information technology security experience
A Bachelor's degree from an accredited institution or an equivalent combination of education and work experience.
Certified Information Systems Security Professional (CISSP) certification; additional certifications such as GIAC, CEH, LPT, PCI-ISA, etc. are preferred. Must achieve CISSP certification within 6 months of employment with Sirius XM.
Experience with PCI, ISO, and SOX
Requirements and General Skills:
Self-motivated to constantly hone information security knowledge and skills
Good public speaking and presentation skills
Interpersonal skills and ability to interact and work with staff at all levels
Excellent written and verbal communication skills
Ability to work independently and in a team environment
Ability to project a professional image over the phone and in person
Commitment to "internal client" and customer service principles
Strong organizational skills and attention to details
Excellent time management skills, with the ability to prioritize and multi-task, and work under shifting deadlines in a fast-paced environment
Must have legal right to work in the U.S.
Sirius XM is a 24/7 operational entity and, from time to time, the Senior Information Security Engineer is expected to serve as an on-call resource and to participate in security activities outside of normal business hours.
This position may require 25% travel
Web Application Firewall, IDS/IPS and security event/log monitoring and correlation (2+ years)
Relevant work experience designing and implementing security controls and securing systems, applications, and infrastructure (5+ years)
Malware protection and response (2+ years)
Working knowledge of ISO standards, PCI, OWASP Top 10
Experience with internet facing services and 24x7 environment
Experience with telematics services is preferred
As an EEO/Affirmative Action Employer, all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.
The requirements and duties described above may be modified or waived by the Company in its sole discretion without notice.
Company EEO Statement
Our goal at SiriusXM is to provide and maintain a work environment that fosters mutual respect, professionalism and cooperation. SiriusXM is an equal opportunity employer that does not discriminate on the basis of actual or perceived race, creed, color, religion, national origin, ancestry, alienage or citizenship status, age, disability or handicap, sex, gender identity, marital status, familial status, veteran status, sexual orientation or any other characteristic protected by applicable federal, state or local laws.