|Location||Rocky Hill, CT|
|Preferred GIAC Certifications||GSEC, CISSP|
Who we are...
COCC delivers complete enterprise processing solutions to financial institutions throughout the northeastern United States. Listed among American Banker's FinTech 100 and the Inc. 5,000 fastest growing companies in the nation, COCC inspires the industry with innovation and top quality support. Designated as a Top Workplace in Connecticut and a National Great Place to Work, COCC recognizes employees as the core of our success! COCC offers a progressive training program to support employees in personal and professional development.
What we need…
COCC is seeking a world class security engineering leader to help implement and manage the architecture, engineering, execution, and delivery of a comprehensive network security posture that aligns with the goals of the business. We need a candidate that will be responsible for securing enterprise information (at rest & in transit) by determining security requirements and then planning, designing, implementing, and testing security systems to protect it. While this is partially a hands-on technical role, they will also be responsible for leading a team of world class security engineers. We solve complex problems through creative and innovative solutions while continuously seeking process improvement, automation, systems enhancement, and overall reduction of risk. This individual will need to prepare and execute technical security standards, policies, and procedures. While working in close partnership with the risk management teams, leadership teams, business lines, and client stakeholders, they will work to empower the business and continuously enhance the security posture of the organization.
What’s in it for you…
COCC offers a unique and collaborative experience as you grow your career with us and all of the benefits you’d expect from an award-winning employer plus:
A hybrid schedule allowing you the flexibility to balance your work/life needs
A customized training plan to successfully onboard you through your first year
A robust employee training and development program aligned with career pathing objectives
Generous PTO offering as well as competitive pay and benefits
On-site fitness center / off-site fitness/wellness reimbursement
One-on-one career coaching
Financial planning assistance with certified professionals
Fun employee events such as company outings, trivia, sports leagues wellness events
Peer recognition programs
What you’ll do…
Reporting to the Assistant Vice President of Security Infrastructure, you will be the organizational subject matter expert on security technologies, principles, and architectures. As the SME, you will work to define, design, and/or implement technical security controls that support the development of secure architectures, frameworks, technical security standards, and technical baselines.
You will lead the technical architecture and implementation of security solutions while simultaneously providing technical leadership and strategic direction for the network security functions. This includes managing a team of security architects & engineers to deliver on corporate security projects, roadmaps, and team performance.
You will be responsible for the overall planning, execution, and success of complex security projects while continually assessing and evaluating the effectiveness of our toolsets by utilizing proven continuous improvement processes, metrics, and measurements.
You and your team will provide security-consulting services internally to the organization by giving security guidance and functioning as the information security subject matter expert. This includes security analysis of proposed architectures, providing risk assessment feedback, and to include security requirements and compensating control alternatives where required.
Utilizing your industry experience, you will ensure architectural alignment of the security strategy and the overall business strategy according to the officer(s) of Information Security and assist Corporate Risk Management in developing information security policies and procedures to ensure the security of the enterprise is in alignment with said secure architectures.
Given that you're passionate about security and are an inquisitive individual, you will maintain awareness of the latest cyber security trends and developments and how it can potentially affect the organization. This includes assessing current state security controls, their capabilities, and effectiveness against existing as well as new threats.
On a daily basis, you will work with next-generation firewalls, web application firewalls (WAF), application delivery controllers (ADC), virtual private networks (VPN), software-defined wide area networking (SDWAN), remote access solutions, cloud-based infrastructure, secure access service edge (SASE), cloud access security broker (CASB), network taps, distributed denial of service attack prevention (DDoS), security information & event management systems (SIEM), web filtering and proxy solutions, firewall management platforms, automation tools, security inventory management, systems monitoring, IP reputation and other threat management platforms, ticketing, change control, and project management tools.
What you’ll bring…
Bachelor’s degree is preferred for this role but will consider appropriate work experience and/or relevant certifications. Master's degree a plus.
CISSP or equivalent certification(s) required.
Project Management experience required.
10+ years of experience in a technical information security role.
Experience leading and mentoring technical teams.
Strong leadership, problem solving, and critical thinking skills.
Prioritize and execute autonomously.
Execute tactically but also think strategically.
Collaborate across the organization amongst differing teams.
Communicate effectively with all levels of staff and management; both verbally and written.
Ability to read, analyze, and interpret complex technical information and be able to explain in detail.
What you're passionate about technically...
Security of course!
Understanding and knowledge of common network security technologies including NGFW, WAF, SIEM, ADC, EDR, CASB, SASE, SDWAN, and security protocols such as TLS, IPSec, VPN, and emerging technologies.
Understanding of common Networking Protocols (examples include OSPF, EIGRP, BGP, HSRP, GLBP) and generalized traffic routing principles.
Understanding of common Application Protocols (examples include HTTP, SMTP, DNS, API) and what it takes to secure them.
Understanding of common Security Principles and Security Architectures.
Deep knowledge of TCP/IP, ethernet, and ways to secure them.
Experience with common networking and security solution vendors (examples may include Cisco, Fortinet, Juniper, Gigamon, F5, Arista, Netskope, Palo Alto, AWS, Azure, Broadcom, VMware)
Federal security standards – NIST SP 800-53, CSF, familiarity with GLBA a plus.
COCC is committed to maintaining a drug-free workplace. All applicants are required to pass a credit, background, and substance test prior to employment. COCC procures background and consumer reports in compliance with all Federal and State regulations, including The Fair Credit Reporting Act and CT Department of Labor laws regarding pre-employment screens. COCC is an equal opportunity employer committed to a community of inclusion, and an environment free from discrimination, harassment, and retaliation.
Accessibility - If you’re a job seeker with a disability and require accessibility assistance or an accommodation to apply for one of our jobs, please let us know by calling 860-678-0444 or emailing TalentManagement@cocc.com. Please specify the help you need and we’ll be happy to get back to you!