What are the responsibilities and job description for the Manager of Security Engineering position at bertelsmann.valhalla.stage?
Company: Penguin Random House LLC
Requisition ID: 33399
The Manager/Asc. Director of Security Engineering and Architecture role with Penguin Random House is a hands-on technical leadership role that requires good interpersonal and communication skills. Within the role you will be responsible for security-related tasks, including the implementation of security automation and helping IT shift left (DevSecOps). The responsibilities will vary from managing a team of engineers and architects to providing defense in depth, performing assessments of security architecture, making practical recommendations to reduce risks, helping realize change within the organization, and preventing and remediating security vulnerabilities within cloud and traditional infrastructure using existing or new solutions.
Major Functions
- Lead information security implementation projects and provide hands-on support
- Provide leadership in assessing, designing, implementing, automating, and documenting security solutions and processes for Amazon Web Services (AWS), MS Azure, GCP, SaaS applications and other cloud platforms.
- Develop and maintain technology and operations roadmaps for security infrastructure components, including but not limited to intrusion prevention/detection, data security (DLP/DRM), identity and access management, IT/network security, security information & event management (SIEM), vulnerability management, code review, etc.
- Manage the assessment of information systems to ensure that appropriate security functions have been included in the systems design and architecture
- Partner with other Information Security leadership team members to collectively build and drive the Information Security Program, Strategy, and Roadmap
- Provide leadership, guidance and training to information systems security personnel
- Manage vulnerability and threat assessments, and direct responses to network or system intrusions
- Work with the incident response team to contain and investigate security events, and prevent future information security breaches with detailed root cause analysis
- Assist in providing information security awareness training to organization personnel
- Propose security policies, standards, and procedures related to information systems security, including Incident Response
- Assist in evaluating department budget and costs
- Communicate information security goals and new programs effectively with other department managers within the organization
- Write Risk Management Framework (RMF)-based procedures and develop comprehensive cyber security processes from project inception through to implementation, including Risk Assessments.
- Develop technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks
- Available to work off hours during the evenings and weekends as required, sometimes with little advance notice.
Required Knowledge and Skills
- Have experience producing and maintaining security design patterns for Cloud, IAM, PKI, Encryption, Secure SDLC, NAC, SIEM use cases, Cyber Threat Intelligence integration, security zoning concepts, Mobile Device Protection, End User and End Point Protection, Web App Security, Secure Coding, DLP.
- Have experience in providing guidance to engineering, design and operational teams in the application of security architecture principles and methods. Management and escalation of security-based risk with a clear distinction between information security and enterprise security risks.
- Experience in DevSecOps environments working with and influencing developers to maintain security through CI/CD processes.
- Experience with cloud security principles, architectures, and technologies, and hands-on experience with Amazon Web Services (AWS) including CloudFormation, CloudWatch, Lambda, IAM, KMS, VPC, ELB, EC2, CloudTrail, AWS Organizations
- Experience working with container technologies including Docker and Kubernetes
- An understanding of encryption tools, best practices, and forensics.
- Knowledge of network based, system level, and application layer attacks and mitigation methods
- Experience with analyzing pertinent security data from SIEM solutions, including AWS audit logs, and reports
- Knowledge of cyber defense and vulnerability assessment tools, including open source tools, and their capabilities.
- Strong knowledge of technology and security topics including network and application security, infrastructure hardening, security baselines, web server, and database security
- Experience participating in project definition workshops, design workshops and technical review boards (TRB).
- Continually keep abreast of current and emerging cyber security threats, technologies and defenses
Education and Experience requirements:
- Industry-recognized certification in security is a plus (e.g., CISSP, CISA, CISM, CRISC, CEH, etc.)
- Requires 10 years’ experience in information technology with a focus on infrastructure, engineering and architecture; 5 in leading information security operations
Penguin Random House is the leading adult and children’s publishing house in North America, the United Kingdom and many other regions around the world. In publishing the best books in every genre and subject for all ages, we are committed to quality, excellence in execution, and innovation throughout the entire publishing process: editorial, design, marketing, publicity, sales, production, and distribution. Our vibrant and diverse international community of nearly 250 publishing brands and imprints includes Ballantine Bantam Dell, Berkley, Clarkson Potter, Crown, DK, Doubleday, Dutton, Grosset & Dunlap, Little Golden Books, Knopf, Modern Library, Pantheon, Penguin Books, Penguin Press, Penguin Random House Audio, Penguin Young Readers, Portfolio, Puffin, Putnam, Random House, Random House Children’s Books, Riverhead, Ten Speed Press, Viking, and Vintage, among others. More information can be found at http://www.penguinrandomhouse.com/.
Penguin Random House values the array of talents and perspectives that a diverse workforce brings. All qualified applicants will receive consideration for employment without regard to race, national origin, religion, age, color, sex, sexual orientation, gender identity, disability, or protected veteran status.