CardWorks
CardWorks, South Jordan, Utah, United States, 84095
Senior Cyber Security Engineer (Endpoint & DLP Security), Infrastructure & Access security
Our aim is to help people connect with possibility and opportunity using our financial servicing expertise. We build meaningful relationships with consumers, employees, and clients.
Position Summary
We are seeking a highly skilled Senior Cyber Security Engineer to join our dynamic team in the financial sector. This role emphasizes mentoring and tactical oversight in safeguarding our organization’s information systems against cyber threats. The ideal candidate will possess a deep understanding of cyber security principles and technologies, along with the ability to own and lead projects while mentoring junior team members.
Essential Functions
Work with team lead and direct leadership to implement comprehensive cyber security strategies that align with team and organizational goals while also maintaining regulatory requirements.
Lead programs, mentor junior engineers and analysts, and help develop a high-performing cyber security team, acting as a point of technical escalation.
Maintain in-scope program implementation, road mapping and maturity best practices.
Keep a “real time” status on the latest cyber security trends, technologies, and best practices, helping to integrate them into the organization’s security framework.
Assist in authoring and enforcing security policies, standards, and procedures to create efficiencies and mitigate risks to ensure compliance with industry regulations.
Support the SOC during incident response efforts, coordinating with the SOC team internally to facilitate resolutions effectively.
Participate in incident response plans as well as regular drills and reviews to ensure preparedness.
Collaborate cross-functionally with teams and stakeholders. Establish and maintain relationships to properly support security initiatives enterprise wide.
Report on program metrics as well as potential gaps identified to the team lead and direct leadership providing insights and recommendations for improvement.
The Senior Cyber Security Engineer is also responsible for maintaining familiarity with tooling and cross-training with other security functions as assigned:
Endpoint security controls – Monitor ticketing and requests for all endpoint controls and respond to events and outages in a troubleshooting capacity.
Data loss prevention – Address tickets for block remediation and apply rule changes as needed.
Cloud access security brokering – Monitor incoming requests and apply proper validation and remediation steps as needed.
Email security – Perform triage and remediation of tickets related to email security.
Additional Essential Functions
Define and enforce policies for endpoint security and DLP aligned with regulatory and business requirements.
Develop and maintain operational playbooks and escalation procedures.
Administer and optimize Microsoft Defender XDR and DLP tools across the enterprise.
Lead tool upgrades, configuration changes, and integration efforts with SIEM and SOAR platforms.
Incident Triage & Response
Analyze and triage security alerts from Defender XDR and DLP platforms.
Lead investigations into endpoint-related incidents and data exfiltration attempts.
Generate regular reports on endpoint and DLP effectiveness, coverage, and incident trends.
Compliance with Laws & Regulations
Collaborate with compliance and risk teams to ensure audit readiness and policy adherence.
Responsible for complying with all the Bank’s internal control policies and procedures.
Responsible for understanding and complying with all laws and regulations to which the Bank is subject.
Responsible for communicating problems in operations, noncompliance with the code of conduct, noncompliance with laws and regulations, policy violations, or illegal acts.
Education and Experience
Bachelor’s degree in Cybersecurity, Information Security, or a related field. Equivalent experience will also be considered.
7+ years of experience in risk management, security awareness, or a related role within the finance industry. Experience in developing and delivering training programs is highly desirable.
Relevant certifications such as CISSP, CISM, or advanced SANS are highly desirable.
Summary of Qualifications
Highly proficient in the management and use of the Microsoft Security Tool Suite.
1+ years of Morphisec experience preferred.
Proficient in scripting languages such as Python and PowerShell for API work, automation, and metric collection.
Thorough understanding of current cyber threat and risk landscape.
Experience with industry tooling (e.g., Workday, Dayforce, KnowBe4, Cybsafe, Tanium, etc.).
Solid understanding of web application frameworks, APIs, microservices, and cloud environments (AWS, Azure, GCP).
Good experience with highly regulated industries, and specifically the banking industry (including FDIC regulations) is preferred.
Demonstrated skills with security concepts, defense-in-depth strategies, security tools, and protocols.
“White-hat” mentality, with a healthy sense of paranoia (security awareness and risk).
Positive, inquisitive, can-do attitude.
Self-starter, requires minimal oversight to perform as expected, work well independently and as part of a team.
Comfortable performing well under pressure and delivering on commitments under tight deadlines.
Meticulous attention to detail.
Passion for cybersecurity and technology trends, news, and hacking techniques.
Salary Range
For this position in NY Metro/NY State: $130,105 to $144,561. Salary varies by location.
Our Employee Value Proposition
Competitive Pay, including a Bonus Target or Variable Pay Incentive Program
Benefits Package: Medical, Dental, and Vision (plus much more)
401(k) Plan with Company Match
Short- & Long-Term Disability
Wellness Programs
Group Life and AD&D Insurance
Paid Vacation, Sick Days and bank Holidays
Employee Engagement Activities including Employee Appreciation Day, DEI Employee Resource Groups, Corporate Social Responsibility, Service Recognition
Senior Level Mid-Senior level
Employment Type Full-time
Job Function Information Technology
EEO Statement We offer a total rewards package comprised of a competitive base rate of pay, variable pay incentive programs based on the role, and a comprehensive benefit suite. Offered rates of pay are determined based on job-related knowledge, relevant experience, skills, certifications, and geographic location.
We are an equal opportunity employer, and we evaluate qualified applicants without regard to race, color, religion, sex, national origin, disability, veteran status or any other legally protected characteristic. We will conduct a thorough background check for all hires in compliance with applicable.