Job Description :
Job Role: Senior Security Engineer
Job Location: NEWARK, CA
Job type: C2C or W2
CYBER SECURITY
Leading the future of luxury mobility
Lucid’s mission is to inspire the adoption of sustainable energy by creating the most captivating luxury electric vehicles, centered around the human experience. Working at Lucid Motors means having a shared vision to power the future in revolutionary ways. Be part of a once-in-a-lifetime opportunity to transform the automotive industry.
We are currently seeking an Senior Security Engineer. You will serve as a security expert in network, application design, operating systems, endpoint protection, mobile devices, and foundational InfoSec technical controls. Our ideal candidate exhibits a can-do attitude and approaches his or her work with vigor and determination. Candidates will be expected to demonstrate excellence in their respective fields, to possess the ability to learn quickly and to strive for perfection within a fast-paced environment.
The Role
Participate in and coach the Security Operations & Incident Response
Develops and maintains access control rules
Serve as a security expert in network, application design, operating systems, endpoint protection, mobile devices, and foundational InfoSec technical controls.
Work closely with software and data engineers to ensure adequate security solutions are in place throughout all systems.
Conduct periodic training and knowledge transfer sessions for external/internal department staff and business partners
Manage and update the InfoSec risk model, and in coordination with other functional teams
Serve as a trusted advisor to business functional areas and internal IT resources.
Ensure that business and technical requirements are aligned to policy and are implemented within regulatory and contractual compliance. Advocate for cyber risk mitigation during planning sessions and implementation of new services.
Contribute to the development and maintenance of the information security strategy.
Plan, design and build of enterprise scale security architectures.
Monitor cyber-security requirements for local area networks (LANs), wide area networks (WANs), virtual private networks (VPNs), routers, firewalls, and related network devices.
Perform technical security assessments, code audits and design reviews.
Develop technical solutions to help mitigate security vulnerabilities.
Advocate security and secure practices throughout the company.
Be involved in offensive security exercises.
Respond immediately to cyber security related incidents and provides a thorough post-event analysis.
Implementing security solutions in public cloud, Kubernetes and container environment.
Security configuration, audit, and management of applications and databases
Leads identification and proposes remediation of vulnerabilities
Maintains user lists, passwords, encryption keys, and other authentication and security-related information and databases
Qualifications
BS in Computer Science or related field preferred.
5+ years practical security experience.
Understanding and practical experience Network design and architecture, Cloud based services (PaaS, IaaS, SaaS), Virtualization / Containerization, Mobile security (MDM, MAM), Encryption / PKI, Database security, Application / API security, Identity Management (IDM)
Understanding of software development principles.
Proficiency in several security technologies including data loss prevention, encryption, cloud access security brokers, identity and access management, micro-segmentation, multi-factor authentication, endpoint protection, SIEM and perimeter defenses
Experience working across the full stack of enterprise security tools to include everything from the physical layer to the application layer
Ability to lead the design of network security infrastructure and the integration of new requirements into existing architectures
Experience leading compliance assessments of relevant cybersecurity frameworks
Experience conducting daily Security Operations Center triage and research
Applied experience with many of the following technologies/roles: Privileged Account Management, Web filtering, Web Application Firewalls, Encryption-at-rest, and encryption-in-transit, Advanced endpoint protection, Vulnerability Management
Experience responding to incidents, crises, and investigations with sensitivity, tenacity, and a focus on detail required.
Strong, applied knowledge of security practices and methodologies, security controls and architecture including the use of intrusion detection/prevention and other defenses.
Experience implementing DoD and Federal IA Assessment and Authorization (A&A) processes, IA controls and developing and maintaining associated documentation.
Experience with security features and/or vulnerability of various operating systems as defined by NSA, NIST, DISA (STIGs) and USCYBERCOM.
Experience with network and system security administration, including operating system security configuration and account management best practices for MS Windows, Red Hat Enterprise Linux, and CISCO systems.
Familiar with Program Protection Plan (PPP