This is a remote position for candidates located in India, Spain, and Mexico.The Cyber Security Engineer is responsible for understanding security tooling platforms, appropriate configuration & deployment of respective tools to ensure detection, prevention, and response capabilities to the organization. The Cyber Engineer is also responsible to ensure CONMED continues to remain compliant with GDPR, CCPA, HIPAA, and SOX (along with other industry specific requirements). This includes conducting vulnerability and risk assessments as part of the secure development lifecycle of all IT systems, maintaining SIEM technology, EDR, NDR, Secure Networking capabilities, DevSecOps, Application Security, Product Security, and cloud environments. Additional responsibilities include assisting in the development of policies, standards, baselines, guidelines and procedures. This is a remote position for candidates located in India, Spain, and Mexico.Accountabilities:Learn, understand, and apply skills towards security event tirage / incident response investigation. Develop comprehensive workflows, playbooks, and SOPs for response related activities.Operate as a technology driver, continuously improving the cybersecurity posture and maturity at CONMED by assisting with technology frameworks including but not limited to: ISO27001, Cyber Essentials Plus or NIST CSF.Identify and help drive the implementation of security operations / technological best practices to meet cyber maturity objectives.Activities:Conduct security audits and assessments, analyze results, identify remediation activities and/or compensating controls, and track remediation efforts to completionConduct security architecture reviews to identify risks, providing risk mitigation recommendations; track remediation effortsContribute to development of metrics & ongoing measurement to track compliance, risk and the effectiveness of the information security programAssist in evidence generation, collection and other activities in support of the following compliance requirements: HIPAA, CCPA, GDPR, and other global regulationsAssist in the implementation of ISO 27001 Information Security Management SystemEvaluate global frameworks to meet local requirements and/or position CONMED in a competitive position (e.g. Cyber Essentials Plus)Participate in periodic information systems risk assessments.Participate in Business Continuity planning, Disaster Recovery planning and tabletop exercisesCreate project schedules & define dependencies, work with multi-functional teams & multiple stakeholders to complete project milestonesWork with global offices to perform data mapping, auditing of systems and controls for compliance with corporate policies and global regulationsDrive the creation of technical and tactical Incident Response SOPs to improve the security team capabilities.This exciting opportunity is 100% remote!Requirements:Bachelor's degree in a Computer Security related field or equivalentOne of the following preferred certifications: Security+, CEH, AZ-500, SOC-200, OSCP, CISM2+ years' minimum experience in a cybersecurity rolePreferred Qualifications:PMP certification a plusExperience managing and delivering infrastructure projects that involves integrating various technologies and/or replacement of older legacy technologies with newer technologiesExperience in managing projects and providing detailed status/progress on a weekly basisExperience / solid understanding of industry frameworks, including but not limited to SOX, GDPR, ISO 27001, NIST CSFPrior experience as the technical lead for security assessment and new IT technology projects for a large enterpriseExperience implementing information security best practices and implementing security frameworksRisk management experienceStrong collaboration skillsExcellent communication skills, able to analyze and clearly articulate complex issues and technologies in a global, multi-cultural, multi-language environment.Ability to effectively focus on assigned work, completing it with requisite qualitySelf-motivated and able to execute assigned tasks within the parameters agreed to with your managerKnowledge of network protocols, operating systems, and security toolsFamiliarity with common security tools and frameworks, such as NIST, OWASP, CIS, ISO, etc.Ability to breakdown cyber related technical terms for non-cyber team members.
