Senior Systems Security Engineer at Muckleshoot Indian Tribe

Responsible for ensuring the CIA triad (Confidentiality, Integrity, and Availability) of the Muckleshoot Indian Tribe computer systems and information to safeguard personnel and tribal members, while also maintaining compliance with NIST, cybersecurity industry best practices, frameworks, and standards. Specifically charged with securing internal and cloud information systems and protecting against identity-based attacks. Collaboration with IT staff and community members is essential to maintaining robust security practices. Staying current on cybersecurity trends, technologies, and threats is crucial for this position, which is vital for safeguarding sensitive information and maintaining the integrity of the Tribe's digital assets.

• Design, engineer, and architect all aspects of systems security, business continuity and disaster recovery.
• Monitor all security solutions, investigate all alerts, and respond appropriately to all identified security threats, incidents, and/or compromise.
• Research, develop and implement a secure AI strategy from the perspective of systems security.
• Maintain the accuracy and success rate of all vulnerability and patch management solutions.
• Manage, configure, and operate the SIEM/SOAR security solution.
• Conduct security scans and penetration testing to validate and remediate the security posture of information systems.
• Conduct threat hunting within our internal systems environment.
• Develop a training apprenticeship program to develop in-house cybersecurity skillsets for junior personnel. Provide On-The-Job mentorship, create training material and virtual labs.
• Because of the Tribe's commitment to community service and the well-being of its members, each employee may be expected to perform a wide range of office and field duties from time to time. Such duties may or may not be related to their regular responsibilities.
  
  
  

Required

• Master’s degree in Computer Science or a closely related field and four (4) years of related industry experience; or Bachelor’s degree in Computer Science or a closely related field and six (6) years of related industry experience; or Associate’s degree in Computer Science or a closely related field and eight (8) years of related industry experience; or
• Ten or more (10+) years of directly related industry experience in lieu of a degree.
  
  
  

Strongly desired

• ISC2 - Certified Information Systems Security Professional (CISSP)
• Microsoft - Cybersecurity Architect Expert (SC-100)
• ISACA - Certified Information Security Manager (CISM)
• CompTIA - CompTIA Advanced Security Practitioner (CASP+)
  
  
  

Skills

• Research and recommend patching for known threats and zero-day vulnerabilities.
• Conduct internal information system risk assessments to recommend and implement changes to procedures, systems, or infrastructure to enhance security and/or address non-compliance with information security standards.
• Research new technology requests and recommend appropriate security guidance.
• Recommend new technology and tools to advance the overall security posture and adapt to the emerging threat landscape of our environment.
• Provide security training and awareness campaigns to help educate staff.
• Manage the risk registry and provide appropriate recommendations and accountability.
• Assist and provide guidance to lower-level team members with assigned duties and responsibilities.
• Assist and take instruction from direct leadership with duties and responsibilities as assigned.
  
  
  

Ability

• Requires ability to appropriately manage and handle highly confidential information.
• Requires ability to remain focused, self-motivated, and initiative-taking while working independently or on a team, regardless of working onsite or remotely with little to no instruction.
• Requires planning, organizing, and working on multiple tasks at one time with tight time constraints.
• Requires ability to identify the most important tasks and prioritize accordingly.
• Requires ability to implement a logical and structured approach to time management.
• Requires ability to demonstrate a high level of professionalism and show respect to all co-workers, patients, business partners, and members of the public.
• Requires ability to demonstrate a strong collaborative mindset, share knowledge, and function as a contributing member of the team.
• Requires ability to work effectively with all levels of the organization and broad technical understanding, while providing excellent customer service.
• Requires ability to demonstrate a high level of communication skills, both verbal (meeting organizer, training, etc.) and written (E-mail, IT policy, documentation, etc.) to C-level executives, auditors, end users, and engineers.
• Requires ability to quickly learn, conduct own research as necessary, and retain information.
• Requires ability to quickly understand information systems to identify and validate security requirements.
• Requires ability to stay up to date on all current cybersecurity events and zero-day exploitations.
• Requires ability to demonstrate strong critical-thinking and problem-solving skills.
• Requires ability to demonstrate acute attention to detail.
  
  
  

Knowledge

• Professional experience penetration testing and Kali Linux.
• Professional experience with various AV/EDR, SIEM/SOAR and SOC management.
• Professional experience with vulnerability management and patch management.
• Professional experience with hardening ADUC, GPM, and OS environments such as Windows, Linux, MacOS, VMware, etc.
• Professional experience with ADFS, SAML, API, SSO, and MFA.
• Professional experience with scripting languages and automation such as Python, PowerShell, etc.
• Professional experience with Azure, M365, Defender for Identity, Purview, Intune, and Entra ID.
• Professional experience with ADCS, PKI/certificate authority, and OpenSSL.
• Professional experience with HA and BCDR.
• Professional experience with security frameworks such as NIST and CIS Controls, as well as regulations such as PCI-DSS, HIPAA, and FERPA from the perspective of systems security.
  
  
  

Primarily involves working in an office environment, requiring prolonged periods of sitting and using a computer. The role may occasionally require lifting of equipment up to 50 pounds. The Systems Security Engineer, Sr. should be able to move around the office to collaborate with team members and attend meetings. Visual acuity is necessary to review detailed security reports and monitor system alerts. The position may involve occasional travel to attend training sessions or conferences. The Systems Security Engineer, Sr. must be able to handle stress effectively and work under pressure during security incidents.

OffSec - Offensive Security Certified Professional (OSCP)