Principal Cybersecurity Engineer - Cyber Defense Professionals

Job Expired

Company Profile

A Fortune 500 company, CBRE is the global leader in real estate services and leverages the industry’s most powerful knowledge base to meet the commercial real estate needs of its clients worldwide. Our vision is to be the preeminent, vertically integrated, globally capable real estate service firm. Globally we employ over 80,000 employees and operate in over 60 countries.

The Team

Global Cyber Security Office – The Global CSO’s mission is to mitigate cyber security risk by actively working with the CBRE business, Digital & Technology and other partner organizations (Compliance, Risk Mgmt., Audit, & Legal) to seamlessly integrate security processes, tools, and people into the business culture providing a holistic security ecosystem, driving continuous improvements and seamless protection / monitoring capabilities globally.

The Cybersecurity team is globally responsible for tracking security weaknesses and improvement as well as helping the company apply higher security standards. Presentation, interpretation and prioritization of the data are key for targeting improvement efforts.

Key Responsibilities

Lead the review of security vulnerabilities across a variety of technologies and environments to determine high risk vulnerabilities related to business assets
Help lead meetings with business partners to ensure remediation efforts adhere to corporate standards and policies
Perform comprehensive vulnerability assessments and continuous monitoring across the organization
Maintaining familiarity with industry trends and security best practices as well as contributing to the information security team’s continuous improvement efforts
Identify attack surface reduction opportunities via vulnerability data analysis, trends, and asset metadata review
Work with other organizations such as Governance and Infrastructure to report on program status and coordinate risk tracking
Produce visualizations of data to monitor developing trends/patterns and highlight areas of potential improvement
Validates the vulnerabilities identified against the NIST Framework, National Vulnerability Database, MITRE ATT&CK and Security Best Practice standards such as CIS Benchmarks and vendor hardening standards
Develop deliverable timelines and provide updates at regular cadence to the overall completeness of project efforts
Manage the entire lifecycle of vulnerabilities from discovery, triage, advising, remediation, and validation
Help identify and create metrics and KPIs (Key Performance Indicators) that could be tracked to measure the operational efficiency and engineer the respective remediation
Create and maintain documentation of implemented solutions/systems including standard operating procedures
Manage vulnerability related tickets to ensure issues are remediated within proper timelines
Manage the onboarding of penetration tests, track to completion, and create metrics to demonstrate progress and maturity
Experience preparing vulnerability data and reports for both technical and executive audiences
Producing executive metrics and aging reports for managing an effective Vulnerability Management program

Required Knowledge and Skills:

Advanced knowledge of the OSI model and security that is associated with each layer
Experience in information security domain (vulnerability management and technical security standards compliance monitoring programs)
Strong working knowledge of Linux/Unix and Windows operating systems
Expert experience with vulnerability assessment solutions
Strong technical understanding of CVSS, OWASP Top 10 and vulnerability exploitability ratings
Thorough understanding of TCP, UDP, HTTP, IP, and other network protocols
Understanding of how to triage vulnerabilities and validate tool findings before reporting them or taking action
Advanced technical writing
Proactive go getter attitude to solve challenging problems
Stays up to date with current vulnerabilities and vulnerability related news
High level IT security processes
Extensive working experience with cloud technologies and tools such as AWS and Azure
Think positively when faced with obstacles, build on other ideas, think logically and intuitively
Ability to use manual tools to re-create and evaluate vulnerabilities

Required Knowledge and Skills:

Advanced knowledge of the OSI model and security that is associated with each layer
Experience in information security domain (vulnerability management and technical security standards compliance monitoring programs)
Strong working knowledge of Linux/Unix and Windows operating systems
Expert experience with vulnerability assessment solutions
Strong technical understanding of CVSS, OWASP Top 10 and vulnerability exploitability ratings
Thorough understanding of TCP, UDP, HTTP, IP, and other network protocols
Understanding of how to triage vulnerabilities and validate tool findings before reporting them or taking action
Advanced technical writing
Proactive go getter attitude to solve challenging problems
Stays up to date with current vulnerabilities and vulnerability related news
High level IT security processes
Extensive working experience with cloud technologies and tools such as AWS and Azure
Think positively when faced with obstacles, build on other ideas, think logically and intuitively
Ability to use manual tools to re-create and evaluate vulnerabilities

CBRE is an equal opportunity/affirmative action employer with a long-standing commitment to providing equal employment opportunity to all qualified applicants regardless of race, color, religion, national origin, sex, sexual orientation, gender identity, pregnancy, age, citizenship, marital status, disability, veteran status, political belief, or any other basis protected by applicable law.

NOTE: An additional requirement for this role is the ability to comply with COVID-19 health and safety protocols, including COVID-19 vaccination proof and/or rigorous testing.

Job ID : 48603