Cybersecurity Principal Engineer

Cox Enterprises is hiring a Cybersecurity Principal Engineer to support our cyber strategy and "Build Secure" initiative. As our business adopts new cloud technologies to serve our customers, our cloud (and on-prem) architectures must remain secure. Shifting left on security through our Build Secure approach enables us to keep pace with the business through integrating security into the design of new technology solutions so that our environments are secure-by-design. We accomplish this objective through deep experience in cloud, cybersecurity, and technology domains to deploy automation and embedded security guardrails. In this role, you'll report to our Senior Director of Cyber Defense and Security Solutions & Architecture. This Principal Engineer will help evolve our cybersecurity program, so it is more streamlined, developing and improving processes and overarching cybersecurity frameworks. Sound interesting? Here's a snapshot of what you'll do and what we're looking for.
What You'll Do

• Collaborate with cross-functional teams to evolve our cloud security capabilities as we execute on our enterprise cloud strategy
• Support expansion of cloud solutions through collaborating with our Cloud Business Office and infrastructure teams to design and implement secure architectures and integrated security guardrails that enable us to maintain a secure posture across a multi-cloud environment
• Support cloud security posture management / cloud native app protection (CSPM / CNAPP) - from development of new policies and tuning to our environments, to working with cross-functional teams to address vulnerabilities, to developing automated remediation capabilities to quickly address misconfigurations
• Support our strategy to secure and monitor APIs
• Integrate into our DevOps teams to support the design of secure CI/CD processes (e.g., security as code for secure pipelines, infrastructure as Code, etc.)
• Support our cyber risk assessment process for new apps and solutions by reviewing architecture designs (including through a threat modeling lens) and confirming the designs conform to our standards and design patterns
• Drive/influence risk mitigations and/or security vulnerability remediation, as needed, to bring new apps and solutions online securely
• Support M&A activity as needed
• Help with the development of key reporting metrics and executive presentations to make sure there is always an awareness of and support for this important initiative

What's In It for You?

• We want you to feel cared for and respected, and that starts with Cox's highly competitive pay and other compensation perks (401k + company matching, comprehensive medical benefits, etc.). We also offer Cox discounted services, tuition reimbursement for academic pursuits, adoption assistance, paid time off to volunteer, childcare and eldercare resources, pet insurance and much more.
• Good work should be rewarded, and not just with a healthy paycheck. The Cox culture is one that values people more than technology, so it's our goal to make sure you feel recognized for your contributions. It's also important to work alongside colleagues who "get you." At Cox, you'll find a workplace where relationships are crafted with care and successes are celebrated with high fives. We strive to create an environment where you can do you, and everyone from leadership to new hires can support and feel supported.
• Growth is a good thing, and you'll have opportunities to learn and train so you can sharpen your skills and explore opportunities across the Cox family of businesses that will continue to challenge and empower you. In the future, you may have the opportunity to cultivate customer relationships in other sectors where we operate like cleantech, health care and new forms of transportation mobility.

Qualifications:
Minimum:

• Bachelor's degree in a related discipline and 10 years' experience in a related field.
  • The right candidate could also have a different combination, such as a master's degree and 8 years' experience; a Ph.D. and 5 years' experience in a related field; or 14 years' experience in a related field.
• Experience designing and implementing secure cloud architectures
• Hands-on experience implementing and tuning security policies in a CSPM / CNAPP solution
• Experience with API security controls and implementing protections that secure integrations into CEI networks
• Experience with key management solutions and implementing leading practices for key rotation
• Secure application development experience or experience working in a DevSecOps construct to develop new solutions
• Experience managing cross-functional enterprise security projects with initiatives involving multiple departments and stakeholders
• Experience participating in or delivering executive-level presentations on technical cybersecurity topics to senior leadership
• Experience authoring or contributing to written documentation such as security architecture reviews, risk assessments, or compliance reports for both technical and non-technical audiences

Preferred:

• Possesses ability to clearly summarize problems and tailor messaging for intended audiences
• Big Four or other consulting background
• At least one security related certification - CISSP, CISM, CRISC, CISA
• Subject Matter Expertise in security frameworks such as HITRUST, HIPAA, ISO 27000, NIST 800-53, NIST Cybersecurity Framework, SSAE 16 SOC1/SOC2/SOC3, and PCI Data Security Standard
• Able to understand and communicate decisions under conditions of uncertainty and against competing priorities.
• Ability to start and persist with specific courses of action while exhibiting high motivation, sense of urgency, and ownership

USD 159,400.00 - 265,600.00
Compensation:
Compensation includes a base salary of $159,400.00 - $265,600.00. The base salary may vary within the anticipated base pay range based on factors such as the ultimate location of the position and the selected candidate's knowledge, skills, and abilities. Position may be eligible for additional compensation that may include an incentive program.
Benefits:
The Company offers eligible employees the flexibility to take as much vacation with pay as they deem consistent with their duties, the company's needs, and its obligations; seven paid holidays throughout the calendar year; and up to 160 hours of paid wellness annually for their own wellness or that of family members. Employees are also eligible for additional paid time off in the form of bereavement leave, time off to vote, jury duty leave, volunteer time off, military leave, and parental leave.
Applicants must currently be authorized to work in the United States for any employer without current or future sponsorship.