Sirius XM Radio Inc. Senior Engineer, Information Security in Washington, District Of Columbia

Requisition ID

18-424

Job Title

Senior Engineer, Information Security

Location

District Of Columbia

Schedule

Full-time

Type of Position

Regular

Job Description

Location: Washington, D.C.

Position Summary:

The Senior Information Security Engineer, reporting to the Director, Security Technology and Investigations, is responsible for supporting the execution of the Information Security Incident Response and security management programs within the Enterprise Information Security and Compliance department. In particular, this role will focus on cyber security and cloud security including the administration and management of a suite of information security countermeasures and incident investigations, and will provide internal security consulting and architectural reviews for business units through the enterprise, with an emphasis on cloud security.

This position is a hands-on information security position responsible for working with members of the technology teams, including technology operations and development teams, to identify, prioritize, and reduce information security risks in a cost-effective way. In addition to assuring that the proper level of focus and controls exist in the right areas, the position will also provide vulnerability scanning/detection utilizing Tenable Security Center, Data Loss Prevention, security monitoring, and incident response activities.

The position is also responsible for conducting information security and data breach investigations, analyzing incidents where security or data breach is suspected, and documenting and reporting on the investigations and tracking all remediation items to closure.

Duties and Responsibilities:

  • Serves as information security subject matter expert for infrastructure, broadcast, connected vehicle services, streaming and systems and network security.

  • Supports the information security program and performance of relevant information security engineering and security architecture development activities for the broadcast, connected vehicle services, streaming and infrastructure services of Sirius XM.

  • Collaborates with business owners, product/systems engineers, and operational personnel to understand business priorities and goals, company culture, and processes to identify information security risks; works with teams to recommend and help implement solutions and/or mitigating controls.

  • Provides technical design, documented guidelines and implementation support of security controls for servers, workstations, network devices, multi-function devices, mobile computing platforms, and applications.

  • Advises on information security best practices and design standards as applied to cloud deployments.

  • Serves as a technical security liaison with OEM clients and their respective security representatives as assigned.

  • Actively tracks vulnerability findings and status of remediation, driving toward resolution.

  • Validates the continued and proper placement, operation, and tuning of security instrumentation, including vulnerability scanners, intrusion detection sensors, DLP, security log monitoring/correlation tools, file integrity monitoring solutions, and other security relevant controls by monitoring the IT security operations groups and their activities.

  • Conducts threat modeling for cloud and enterprise applications, systems and networks.

  • Expedites neutralization of threats that pose immediate danger to the confidentiality, integrity, and availability of information assets.

  • Evolves and adapts incident response and handling procedures commensurate with changing threat landscape and business needs.

  • Provides routine status and metrics for information security to the Director, Security Technologies and Investigations.

  • May perform daily and alert based monitoring of information security events and initiate response procedures in accordance with established processes.

  • May perform routine and ad-hoc information security vulnerability scanning and testing to identify risks to information assets; escalate and expedite resolution/mitigation of vulnerabilities deemed high/critical severity.

  • Helps raise awareness of information security in the company and provide holistic guidance on information security.

  • Develops and conducts Cloud security training for end users and operational units.

Supervisory Responsibilities:

  • There are no supervisory responsibilities associated with this job.

Minimum Qualifications:

  • 7+ years of hands-on information technology security experience.

  • A Bachelor's degree or equivalent, relevant experience.

  • Must have current Certified Information Systems Security Professional (CISSP) certification or obtain it within one year of hire.

  • Additional certifications such as GIAC (SANS) certifications, CEH, LPT, PCI-ISA, etc. are preferred. Documentation of successful completion of underlying coursework for such certifications may be considered.

  • Special preference will be given to cloud security certifications, whether vendor-neutral (CCSK, CCSP) or vendor-specific (AWS Certified Solutions Architect).

  • Experience with PCI, ISO, and SOX or analogous experience with regulatory compliance in other industries preferred.

Requirements and General Skills:

  • Self-motivated to constantly hone information security knowledge and skills.

  • Good public speaking and presentation skills.

  • Interpersonal skills and ability to interact and work with staff at all levels.

  • Excellent written and verbal communication skills.

  • Ability to work independently and in a team environment.

  • Ability to project professionalism over the phone and in person.

  • Commitment to "internal client" and customer service principles.

  • Strong organizational skills and attention to details.

  • Excellent time management skills, with the ability to prioritize and multi-task, and work under shifting deadlines in a fast-paced environment.

  • Must have legal right to work in the U.S.

  • Sirius XM is a 24/7 operational entity. From time to time, the Senior Information Security Engineer is expected to serve as an on-call resource participating in security activities outside normal business hours.

  • This position may require 25% travel.

Technical Skills:

  • 5 + years of relevant work experience designing and implementing security controls and securing systems, applications, and infrastructure.

  • 2 + years of relevant work experience - Vulnerability and penetration testing tools and techniques.

  • 2 + years of relevant work experience - Malware protection and response.

  • 2 + years of relevant work experience - IDS/IPS and security event/ log monitoring and correlation.

  • 1 + years of relevant work experience -- Information security in the cloud.

  • 1 + years of experience - Security program implementation.

  • Working knowledge of ISO standards, PCI, OWASP Top 10.

  • Experience with internet facing services and 24x7 environment.

  • Experience with broadcast operations and/or telematics services is preferred.

As an EEO/Affirmative Action Employer all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status.

The requirements and duties described above may be modified or waived by the Company in its sole discretion without notice.

Company EEO Statement

Our goal at SiriusXM is to provide and maintain a work environment that fosters mutual respect, professionalism and cooperation. SiriusXM is an equal opportunity employer that does not discriminate on the basis of actual or perceived race, creed, color, religion, national origin, ancestry, alienage or citizenship status, age, disability or handicap, sex, gender identity, marital status, familial status, veteran status, sexual orientation or any other characteristic protected by applicable federal, state or local laws.