Principal Security Engineer

Company: RELX Group plc
Location: Alpharetta
Posted on: March 16, 2023

Job Description:

Cirium - Principal Security Engineer

Cirium delivers data and aviation analytics solutions to global leaders in finance, aerospace, travel, governments, airlines and more. On a single day, Cirium manages more than 300 terabytes of aviation data, from airline schedules to aircraft configurations to passenger record numbers. Even during times of disruption, accurate and trusted data is accelerating digital transformation in aviation.

This Principal Security Engineer will provide strategic and tactical technical direction in one or more or key areas, providing management with insight and input into overall strategic decision based on advances in technology. The position also supports the Cirium Security Manager's goals and objectives by addressing escalations, and evaluation of technology controls providing key insight and research in new threats, vulnerabilities, and mitigation techniques.

This position will take the lead in designing creative solutions that use technologies and processes to ensure the confidentiality, integrity, and availability of the organization's assets, information, data, and IT services in an efficient manner.

QUALIFICATIONS:

• Pragmatic approach in advising, recommending, and assisting in the implementation of security controls.
• Lead the exploration of practical security solutions to address emerging threats and compliance requirements, including design and implementation of recommended solutions.
• Lead analysis and review of security events using scan tools for anomalous activity; collaborate with respective peer groups to take appropriate action to safeguard company information assets against current and foreseen threats.
• Help achieve compliance; identify compliance initiatives as well as promote appropriate security policies.
• Work with Cirium's internal teams as partners to validate security effectiveness using a data-driven approach to identify security gaps and areas for improvement.
• Responsible for generating reports for the Cirium Security Manager and Business Leaders to evaluate the efficacy of security policies in place.
• Work in tandem with the Security Manager to build out the Cirium incident response and disaster recovery plans, and other pillars of security.
• Conduct security assessments through vulnerability testing and risk analysis.
• Verify the security of third-party vendors and collaborate with them to meet Cirium Security requirements.
• Effective communicator and listener seeking to build upon security's positive relationships with its business units. TECHNICAL SKILLS:
  • Understand the information security concepts of Confidentiality, Integrity and Availability.
  • Experience working in an Information Security or Cybersecurity role, is preferred.
  • You will have demonstrated leadership in positively implementing security controls in a manner that leads to the overall decrease in risk for a business.
  • 7+ years' experience in security or technology related roles, with solid experience and understanding of security frameworks and controls such as ISO 27001/2, NIST 800-53, GDPR, CCPA, PCI-DSS.
  • Working knowledge of threat modeling. Understand what STRIDE and PASTA are and how to implement.
  • Foundational understanding of Machine Learning / Artificial Intelligence attack vectors.
  • Passion for security and helping others understand its purpose ACCOUNTABILITIES:
    • Conduct technical risk assessments, such as vulnerability scanning, penetration testing, risk reviews for new applications, and third-party risk assessments.
    • Responsible for handling service requests from the Business and Technology teams.
    • Responsible for analyzing/validating the requirements, defining the access rules, scripting the changes, and providing troubleshooting support related to any access issues.
    • Assist with reviewing existing tools, applications, and processes to help strengthen and optimize current capabilities, as well as identifying any gaps or technical solutions to further enhance the team's effectiveness.
    • Communicate problems and solutions verbally and in written form to peers and management.
    • Compliance and governance: help achieve compliance, identify compliance initiatives, and author and promote appropriate security policies.
    • Lead analysis and review security events for anomalous activity, collaborate with respective peer groups to take appropriate action to safeguard company information assets against current and foreseen threats.
    • Lead the exploration of practical security solutions to address emerging threats and compliance requirements, including design and implementation of recommended solutions.
    • Develop and implement security programs: manage and execute project deliverables; communicate to affected stakeholders including departments within the company; develop program procedures including guidelines and flow diagrams to be implemented on an ongoing basis; and develop tools or metrics that allow for the measurement of successful program implementation.
    • Communication and outreach: maintain communication with peers throughout the organization and security contacts including Business Units and subsidiary locations; survey clients to determine appropriate communication methods; deliver solutions to help raise security awareness; and develop and disseminate information regarding security controls and newly identified risks.
    • Assesses and measure security programs to ensure closed-loop operations.
    • All other duties as assigned.
      
      At Cirium we are proud of our heritage, since 1909, the very early days of flight where we were the first to bring forward aviation insights on this fledgling industry. We have transformed significantly over the years and we are proud of the future business we are building together. Our people are at the center of who we are. Whatever your background you are welcome. We are looking for talented and dynamic team players who focus on delivering successful outcomes.
      
      #LI-ZM1#LI-Remote
      
      We are an equal opportunity employer: qualified applicants are considered for and treated during employment without regard to race, color, creed, religion, sex, national origin, citizenship status, disability status, protected veteran status, age, marital status, sexual orientation, gender identity, genetic information, or any other characteristic protected by law. If a qualified individual with a disability or disabled veteran needs a reasonable accommodation to use or access our online system, that individual should please contact accommodations@relx.com or if you are based in the US you may also contact us on 1.855.833.5120.
      
      Please read our Candidate Privacy Policy

Keywords: RELX Group plc, Alpharetta , Principal Security Engineer, Other , Alpharetta, Georgia