Cybersecurity Engineering Manager
Montefiore Health System · Bronx, NY · 2 mo ago
Engineering$136k–$170k/yrFull-time
Responsibilities
- Manage day-to-day cybersecurity engineering operations.
- Oversee secure configuration and maintenance of endpoint, network, cloud, and email security tools.
- Develop and maintain security engineering standards and runbooks.
- Manage vendor relationships and contract performance.
- Lead outage response and customer communication during security tool failures that significantly impact business operations.
- Support audits, risk assessments, and regulatory inquiries.
- Ensure high availability and resilience of security controls.
- Continuously mature security engineering capabilities.
- Participate in verification and validation testing of security controls across cloud and on-premise environments.
- Ensure security engineering participation in enterprise change management processes.
- Define and improve security engineering metrics for resiliency, availability, and operational efficiency.
- Lead engineering efforts to support third-party risk reduction and secure vendor integrations.
- Ensure security tooling supports both legacy and emerging technologies.
- Drive automation and orchestration to reduce manual engineering effort.
- Champion secure-by-design principles across infrastructure and application teams.
- Ensure security solutions are stress-tested to validate performance under peak clinical load.
Requirements
- Required Bachelor’s degree or equivalent work experience.
- 4-6 years progressive cybersecurity engineering experience, with a focus on team development.
- 4-6 years of hands-on experience implementing and managing security technologies to protect against contemporary threats.
- 4-6 years of experience in leadership: Proven experience leading a team of cybersecurity engineering professionals and coordinating engineering efforts across a large healthcare organization.
- Proven experience in leading and managing a team of cybersecurity professionals in a 7 x 24 on-call operating model.
- Strong decision-making skills, with the ability to manage multiple tools and competing priorities simultaneously.
- Advanced knowledge of cybersecurity engineering principles.
- Strong understanding of cybersecurity threats, attack vectors, and mitigation strategies including Zero Trust and defense-in-depth strategies.
- Proficiency in using and managing contemporary on premise and cloud-based cybersecurity tools such as internet proxies, employee and vendor remote access technologies, endpoint agents for Endpoint Detection and Response (EDR) and internet client connectors, support of unique anti-phishing platforms and secure file transfer solutions.
- Experience in handling outages and complications associated with these tools and to be the face of customer service when handling events that impact the business.
- Excellent communication skills, with the ability to articulate technical issues to both technical and non-technical stakeholders.
- Familiarity of healthcare regulatory requirements (HIPAA, HITECH, NYSDOH).
- Knowledge of email security and anti-phishing technologies.
- Experience in designing and implementing cloud-native security controls across IaaS, PaaS, and SaaS platforms.
- Familiarity with secure connectivity between on-premises and cloud environments.
- Familiarity with Agile methodologies and the use of tools like Confluence and Jira to advance the program.
- One of the following certifications required or obtained within 12 months of hire: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Cloud Security Professional (CCSP), GIAC Security Essentials (GSEC).