Sr. Engineer Cyber Security

JOB SUMMARY

The Senior Cyber Security Engineer at Doble Engineering will leverage Cyber Security related technical skills across various security initiatives while collaborating with IT, engineering, and product teams. This highly visible role will require the person to stay on top of the latest security issues and technologies shaping the industry. This role will have exposure to emerging trends in areas like Cloud, AI Security, and Critical Infrastructure Protection. Our environment provides opportunities to translate security concepts into functioning solutions through collaborations with various engineering teams. This position will be located at Doble's Marlborough facility and will report directly to the Cyber Security Manager.

ESSENTIAL JOB FUNCTIONS

• Support Doble Cybersecurity Solutions including performing weekly patch management process, maintain NERC CIP compliance and SLAs, weekly customer calls, and contribute to sustaining the product enhancement.
• Lead security activities within the SDLC including Code Reviews, Threat Modeling, SAST, DAST, & SCA.
• Lead Penetration Testing on Doble products such as Web, Thick, and API applications.
• Conduct periodic security reviews to evaluate the effectiveness of existing security measures.
• Collaborate with internal and external stakeholders to ensure technology solutions meet security requirements.
• Serve as a Subject Matter Expert (SME) for Cyber Security for other Departments queries, recommendations and needs.
• Coordinate with different teams within the organization to ensure software, hardware

and network security.

• Respond to and mitigate incidents and security threats, performing digital forensics and incident response when necessary.
• Maintain Cybersecurity policies, standards, and procedures.
• Develop training and guidance materials on security awareness and best practices to other personnel.
• Staying up to date with the latest security threats and trends.
• Manage and/or contribute to additional security projects and tasks as needed.
• Ability to prototype and implement new security tools and technologies.

QUALIFICATIONS

EDUCATION:

• Bachelor's degree in Cybersecurity, Computer Science, or related field

REQUIRED EXPERIENCE:

• 5+ years of experience as a security engineer or equivalent
• The ideal candidate will have an in-depth understanding of the NIST based on practical working experience and a functional knowledge of security standards such as NERC CIP, ISO 27001, IEC 62443.
• Solid understanding of the OWASP Top 10, OWASP ASVS, and other security frameworks.
• Proven cyber security experience with Firewall, Cloud, and SIEM tools (e.g., Azure, Secureworks MDR, Synk, Fortinet, KnowBe4, BitSight etc.)
• Expert with manual vulnerability testing, exploit development, and static code analysis, using commercial and open-source penetration testing tools like Burp Suite, OWASP ZAP, Metasploit, SQLMap, etc.
• Excellent analytical and problem-solving skills.
• High level of attention to detail and quality of work product.
• Ability to work independently with minimal oversight and within a team environment.
• Strong organizational skills; ability to accomplish multiple tasks within the agreed upon timeframes through effective prioritization of duties and functions in a fast-paced environment.
• Strong written and oral communication skills, including the ability to present ideas and suggestions clearly and effectively.
• Good judgment, a sense of urgency, and a commitment to high standards of ethics, regulatory compliance, customer service, and business integrity.

PREFERRED EXPERIENCE (Not Required):

• Master's degree in Cybersecurity, Computer Science or other relevant technical discipline
• 5+ years of experience in a security engineer or related role.
• 2-5 years of hands-on penetration testing experience.
• 2-5 years' experience using endpoint security tools to investigate.
• Operational experience with incident response, vulnerability management, network and security monitoring.
• Certification in one or more of the following: CISSP, OSCP, OSCE, GPEN, CEH, Azure, Security+.
• Demonstrated enthusiasm for Information Security (e.g. GitHub repo, blogs, presentations, conference talks, local security association member, participated in free skill-building / hacking challenges - SANS Holiday Hack, HackerOne CTF, HackTheBox, etc.).
• Demonstrated ability to lead and mentor security team members, fostering continuous improvement and collaboration.
• Knowledge of AI security and generative AI systems.
• Knowledge of various security and risk assessment tools.
• Familiarity with networking protocols and components.
• Ability to clearly explain complex security issues to leadership.
• Familiarity with regulatory compliance in the Power Industry.

Knowledge, Skills & Abilities

• Possess core competencies around security assessments, patch management, and a good understanding of frameworks such as NIST
• Strong communication skills
• Analytical thinking
• Occasional travel up to 10% may be required to support the position's responsibilities
• Occasional off hours work may be required

PHYSICAL REQUIREMENTS:

While performing the duties of this job the employee is often required to stand, sit, use computers, read, write, type, use copy machines, file paperwork, use telephones, and utilize written and oral communication to interact with clients, co-workers, and customers. Reasonable accommodations may be made to enable individuals to perform the essential functions of this job. Must be capable of lifting 30 pounds. Must use assistance when lifting 50 or more pounds.

Actual base salary offered to the hired applicant will be determined based on their work location, level, qualifications, job related skills, as well as relevant education or training experience.
Salary Pay Range Minimum $116,426.92 - Midpoint $145,533.65

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities

We are an Equal Employment Opportunity employer that values the strength diversity brings to the workplace. All qualified applicants, regardless of race, color, religion, gender, sexual orientation, marital status, gender identity or expression, national origin, genetics, age, disability status, protected veteran status, or any other characteristic protected by applicable law, are strongly encouraged to apply.

The Americans with Disabilities Act of 1990 (ADA) prohibits discrimination by employers, in compensation and employment opportunities, against qualified individuals with disabilities who, with or without reasonable accommodation, can perform the "essential functions" of a job. A function may be essential for any of several reasons, including: the job exists to perform that function, the employee holding the job was hired for his/her expertise in performing the function, or only a limited number of employees are available to perform that function.

Applicants must be authorized to work for any employer in the United Sates. Doble Engineering is unable to sponsor or take over sponsorship of an employment visa at this time.