The Systems Security Engineer is a critical member of the Security Engineering and Architecture Team. The role is responsible for engineering, deploying and managing security infrastructure and processes with specific focus on the security of the Lennar Infrastructure, End-point protection, Email & Application security, Mobile Security, and Identity and Access Management. In this role, the Security Engineer will be a key contributor to the design and oversight of corporate security solutions supporting Lennar’s employees, suppliers, and business partners. The Systems Security Engineer will collaborate closely with Lennar Technology Services (LTS) - IT Operations and other Business Unit teams to ensure adequate security solutions are in place throughout all systems and platforms. This is to achieve and maintain a security posture commensurate with the risk tolerance of the organization, meet business objectives and regulatory requirements.
Principal Duties and Responsibilities:
- Provide leadership and technical expertise with the design, deployment and maintenance of Lennar’s security solutions to encompass Identity & Access Management, Network and Endpoint Protection, Application Security, Data Protection, Security Incident & Event Monitoring (SIEM), Threat & Vulnerability Management, and Incident Response.
- Provide expertise and guidance to reduce Lennar's security risks, and ensure controls are applied to meet legal and regulatory compliance.
- Ensure the development of and adherence to Lennar standards and best practices in all areas of security engineering and operations.
- Contribute to the development of Lennar's security engineering roadmap.
- Lead the evaluation and acquisition of security products and services. Assist with response and remediation efforts to internal and external security audits.
- Evaluate and recommend new and emerging security technologies.
- Promote and facilitate effective communication between security engineering, security operations, 'GRC' and other IT departments and or business units.
- Facilitate response and remediation efforts to internal and external security audits.
- Participate in the Security Incident Response Team.
- Participate in post-mortem investigation of security incidents, and prepare reports documenting the findings.
Education and Experience Requirements:
- Bachelor’s degree in any technology related field required. Advanced degree preferred.
- 5+ years’ experience engineering and delivering security technologies or services in mid to large-scale enterprise environments.
- 'CISSP' and / or other industry and vendor-specific security certifications highly preferred.
- Strong knowledge of security concepts and technologies in Identity & Access Management (IAM), Network and End-point Protection, Application Security, Data Protection, Security Incident & Event Monitoring (SIEM), Threat & Vulnerability Management (TVM), and Incident Response.
- Experience in one or more of the following technical domains:
- Experience with engineering, deployment, management and administration of Identity and Access Management (IAM) technologies to include Identity and Access Governance (IGA), Directory Services, Single Sign-On (SSO) and Privilege Account Management (i.e OKTA, Microsoft, CyberArk, SailPoint).
- Experience with engineering, deployment, management and administration of Security Information and Event Management (SIEM) and User and Entity Behavioral Analytics (UEBA) (i.e. Splunk, Exabeam, Securonix, LogRhythm).
- Experience with Engineering, deployment, management and administration of modern enterprise grade Network Firewall infrastructure to include: intrusion detection and prevention, advanced malware detection, logging, and reporting functionality (i.e Palo Alto Networks).
- Experience with securing Cloud solutions (i.e. Office360, Azure, Box.com etc.)
- Strong understanding of security standards and best practice frameworks. Industry-specific standards and frameworks experience desirable.
- Experience in identifying and analyzing emerging and advanced threats.
- Experience with working across teams and third party vendors to resolve security issues.
This is primarily a sedentary office position which requires the Systems Security Engineer to have the ability to operate computer equipment, speak, hear, bend, stoop, reach, lift, and move and carry up to 25 lbs. Finger dexterity is necessary.
- Proficient in technical writing, and oral communication skills.
- Ability to confidently and simply explain technical security issues without hype or buzzwords.
- Ability to deal effectively with a wide range of vendors, service providers, and regulatory agencies.
- Ability to facilitate productive meetings and work successfully in a team-oriented environment.
- Have the ability to work with technical and non-technical business owners to develop solutions.
- Ability to exercise sound judgment in complex situations.
- Strong problem solving and decision-making skills.
- Handle multiple competing priorities in a fast-paced environment.
- Strong commitment to customer service.
- Results oriented, high energy, self-motivated.
- Ability to work well under minimal supervision.
- Some travel may be required for internal, conference, customer, partner and vendor meetings.
- Job Knowledge - Continuously enhances overall knowledge and seeks out new learning opportunities. Understands the elements of People, Process, and Technology as part of solutions.
- Attitude - Demonstrates optimism, persistence, positive attitude and displays loyalty to the organization.
- Accountability - Accepts responsibility for own actions and decisions. Readily coachable and able to be developed. Fully engages in work and offers assistance at all levels.
- Communication - Effectively conveys information and expresses thoughts and facts. Demonstrate effective use of listening skills and displays openness to other people’s ideas.
- Teamwork / Collaboration - Works cooperatively and develops effective working relationships across the organization. Champions team success over personal success. Openly shares information, opinions and ideas with others.
- Integrity & Trust - Presents the truth in an appropriate and helpful manner, keeps confidences, admits mistakes and doesn’t misrepresent for personal gain. Always suggests and defends the concepts of right and wrong behavior.
- Customer Focus - Meet and exceed the needs of customers, both internal and external. Continually seek to provide the highest quality service.
- Action Oriented - Driven to achieve and be successful in any task. Work at high level of efficiency and able to prioritize work and focus on most important items first.
- Problem Solving & Creativity - Makes sound, logical decisions based on facts. Utilizes resources to apply practical and creative solutions. Openness to new approaches and ideas.
- Leadership - Think strategically to align with business goals, and lead others in achieving those goals. Holds safety as a core value and acts as a role model to others.