Cyber Security Engineer
The Cyber Security Engineer reports into the Cyber Security Manager and is based in Burbank, California. This position is responsible for identifying, evaluating, and reporting on cyber security risks, developing a set of security standards and best practices for the organization, monitoring networks and systems for security breaches and intrusions, leading technical and forensic investigations, managing the Deluxe vulnerability and penetration testing programs, and providing and implementing recommendations for security enhancements to management teams as needed.
• Perform application and web-based security vulnerability assessments and penetration tests in accordance with industry accepted methods, protocols, and tools.
• Planning, implementation, management, monitoring, and upgrading security measures for the protection of the organization's data, systems, and networks.
• Prepare operational test environments for network penetration and attack scenarios.
• Develop detailed work plans, schedules, resource plans for recurring vulnerability and penetration assessments.
• Prepare post-test analysis and reporting of penetration and vulnerability testing activities.
• Manage the day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans, research, and document global threats to IT teams, and communicate residual risk.
• Perform static and dynamic analysis, reverse engineering, and debugging of malware samples using industry recognized tools including defeating anti debugging, packing, and obfuscation techniques.
• Identify and respond to cyber-security incidents in accordance with the Incident Response process
• Monitor and operate enterprise-wide security platforms, investigate events using enterprise Security Information Event Manager (SIEM) and various network forensic tools, and work with the business on remediation efforts.
• Analyze security logs and investigate network and server security violations and intrusions.
• Forensically secure, preserve, capture, and analyze data from volatile memory and physical disks from laptops, desktop computers, servers, and mobile devices.
• Perform in-depth forensic analysis of captured data, network traffic, volatile memory, and host images to identify indicators of compromise and develop actionable threat intelligence.
• Monitor and analyze enterprise network and host-based sensor data originating from IDS/IPS, AD Domain Controllers, Endpoint Security Solution, SIEM, and Firewalls.
• Perform additional Cyber Security related duties as assigned.
What You Bring
• A degree in computer science, IT, systems engineering, or related field preferred.
• CCSP, OSCP, CEPT, GIAC, GWAPT, GPEN, CREA, EnCE certifications preferred.
• Movie industry or related field experience preferred.
• 2 - 4 years of working experience in Cyber Security related role.
• Network Security subject matter expert with experience and knowledge of application, web and network penetration testing and associated methodologies Including vulnerability assessment, attack vectors, and industry recognized open source and commercially available tools.
• Familiarity with Common Weakness Enumeration (CWE), Common Vulnerabilities and Exposures (CVE), Common Platform Enumeration (CPE), and Common Vulnerability Scoring System (CVSS)
• Strong awareness of cybersecurity trends, emerging security technologies, and evolving threats.
• Advanced knowledge and experience of Windows Operating System Internals (Kernel, Registry, File systems (NTFS, FAT), Windows APIs)
• Advanced knowledge and experience of cloud provider ecosystems like Amazon AWS.
• Expert knowledge of Cloud infrastructure, security architectures, and standards
• Expert technical knowledge of AWS foundation services related to compute, network, storage, content delivery, administration, security, deployment, and management.
• Ability to demonstrate clear understanding of current threats to Cloud infrastructure and/or IT infrastructures.
• In-depth knowledge of managing and deploying EPP/EDR solutions.
• In-depth knowledge of Linux, Unix operating systems. Kali Linux experience a plus.
• In-depth knowledge of networking and communication protocols and devices (routers, switches, firewalls)
• In-depth knowledge of Splunk, SPL, and Enterprise Security.
• Working knowledge of x86 Assembly, Python, Powershell, Bash
• C#, C++, C preferred
• Working knowledge of EnCase Forensic software and EnScripts.
• Working knowledge of development IDE's, Visual Studio, Codeblocks, Eclipse, PyCharm
• Working knowledge of debugging platforms, IDA Pro, Binary Ninja, x64dbg, OllyDbg, gdb
• Working knowledge of vulnerability scanning tools, Burp Suite, Nexpose, Nessus
• Working knowledge of virtualization technologies, such as VMWare and VirtualBox
• Basic working knowledge of the NIST Cyber Security Framework
• Basic working knowledge of the TPN and MPA best practice frameworks.
• Excellent written and verbal communication, organized thought processes, polite and respectful of others, adapts presentations to the audience, aware of confidential nature of information.
• Excellent understanding of enterprise IT systems, software development languages, ITIL, ITSM
• Thoroughly thinks out and evaluates alternatives, innovative problem resolution, pro-active approach, initiative to resolve problems.
• Produce high quality oral and written work product presenting complex technical matters clearly and concisely.
• Excellent problem-solving skills.
• Ability to work under pressure in a fast-paced environment and works with little direction and supervision, timely completion of projects, makes time for unplanned assignments, adapts to changing priorities.
• Perceived fairness; tolerance; honesty; confidentiality; consistent in enforcement and application of policies and procedures.
We offer competitive pay and a comprehensive benefits program including medical, dental & vision coverage, vacation & sick leave, 401(k), and more.
About the Company
Deluxe, a subsidiary of Platinum Equity, is a global leader in media and entertainment services for film, video and online content. Since 1915, Deluxe has been the trusted partner for the world's most successful Hollywood studios, independent film companies, TV networks, exhibitors, advertisers and others, offering best-in-class solutions in post-production, distribution, asset and workflow management, and cloud-based technologies.
With headquarters in Los Angeles and offices around the globe, the company employs over 3,500 of the most talented individuals, developers, and industry veterans worldwide. For more information, please visit www.bydeluxe.com.
Deluxe is committed to inclusivity, fostering an environment where every employee feels comfortable bringing their full selves to work. It is our policy to provide equal employment opportunities to all applicants and employees. Applicants will receive consideration for employment without regard to, and will not be discriminated against, on the basis of race, color, religion, creed, national origin or ancestry, sex, age, physical or mental disability, veteran status, sexual orientation, gender identity or expression, genetic information or any other legally recognized protec
Jobcode: Reference SBJ-r0y8wm-3-236-117-38-42 in your application.