The Senior Information Security Engineer, reporting to the Senior Director, Information Security is responsible for supporting the execution of the Information Security program at Sirius XM. In particular, this role will focus on driving the design, implementation, and maintenance of security technology and program functions for the connected vehicle and infotainment products and service offerings of Sirius XM.
This position is a hands-on information security position responsible for working with members of the business and IT departments to identify, prioritize, and reduce information security risks in a cost-effective way. In addition to assuring the proper level of focus and controls exist in the right areas, the position will also provide support for vulnerability scanning/detection, penetration testing, security monitoring, and incident response activities.
The position monitors the security activities of all of the operating units at Sirius XM including the connected vehicle, broadcast, streaming and infotainment products and services offerings, as well as other special projects for the purpose of making recommendations to the Senior Director of Information Security and Vice President, Information Security, Privacy and Compliance based on results of security assessments and reviews.
Duties and Responsibilities:
Serves as information security subject matter expert for connected vehicle services, streaming and systems and network security.
Supports the information security program and performance of relevant information security engineering and testing activities for the connected vehicle services, streaming and infrastructure services of Sirius XM.
Collaborates with business owners, product/systems engineers, and operational personnel to understand business priorities and goals, company culture, and processes to identify information security risks; works with teams to recommend and help implement solutions and/or mitigating controls.
Provides technical design, documented guidelines and implementation support of security controls for servers, workstations, network devices, multi-function devices, mobile computing platforms, and applications.
Serves as a technical security liaison with OEM clients and their respective security representatives.
Performs security assessments and technical testing of information systems infrastructure and applications, including internal, external, and partner facing systems.
Identifies singular and compound vulnerabilities across operating systems, databases, network infrastructure, and applications.
Performs reconnaissance activities to identify potential security weaknesses or information that could be leveraged against and do further harm to Sirius XM information assets.
Appropriately classifies findings in terms of severity and in light of exploitability, actively circulating threats, and mitigating controls.
Maintains risk-based test/evaluation schedule and coordinates production and potentially invasive testing through the Sirius XM change control board.
Actively tracks vulnerability findings and status of remediation, driving toward resolution.
Validates the continued and proper placement, operation, and tuning of security instrumentation, including vulnerability scanners, intrusion detection sensors, DLP, security log monitoring/correlation tools, file integrity monitoring solutions, and other security relevant controls by monitoring the IT security operations groups and their activities.
Expedites neutralization of threats that pose immediate danger to the confidentiality, integrity, and availability of information assets.
Evolves and adapts incident response and handling procedures commensurate with changing threat landscape and business needs.
Provides routine status and metrics for information security to the Senior Director of Information Security.
May perform daily alert-based monitoring of information security events and initiate response procedures in accordance with established processes.
May perform routine and ad-hoc information security vulnerability scanning and testing to identify risks to information assets; escalate and expedite resolution/mitigation of vulnerabilities deemed high/critical severity.
Helps raise awareness of information security in the company and provide holistic guidance on information security.
Supports PCI/PII and other regulatory related activities and remediation.
Bachelor's degree or equivalent, relevant experience.
10+ years of hands-on information technology security experience.
Certified Information Systems Security Professional (CISSP) preferred. Our expectation is that you successfully complete the requirements for and receive the CISSP certification within the first 12 months of your employment. Your inability to secure the CISSP certification within such time period may affect the Company's evaluation of your job performance, as determined by the Company in its sole discretion.
Additional certifications such as GIAC, CEH, LPT, PCI-ISA, etc. are also preferred.
Experience with PCI, ISO, and SOX.
Requirements and General Skills:
Self-motivated to constantly hone information security knowledge and skills.
Good public speaking and presentation skills.
Interpersonal skills and ability to interact and work with staff at all levels.
Excellent written and verbal communication skills.
Ability to work independently and in a team environment.
Ability to project professionalism over the phone and in person.
Commitment to "internal client" and customer service principles.
Strong organizational skills and attention to details.
Excellent time management skills, with the ability to prioritize and multi-task, and work under shifting deadlines in a fast-paced environment.
Sirius XM is a 24/7 operational entity and, from time to time, the Senior Information Security Engineer is expected to serve as an on-call resource and to participate in security activities outside of normal business hours.
This position may require 25% travel.
Must have legal right to work in the U.S.
5+ years of relevant work experience designing and implementing security controls and securing systems, applications, and infrastructure.
2+ years of vulnerability and penetration testing tools and techniques.
2+ years of malware protection and response.
1+ year(s) of IDS/IPS and security event/ log monitoring and correlation (2+ yearsSecurity program implementation.
Working knowledge of ISO standards, PCI, OWASP Top 10.
Experience with internet facing services and 24x7 environment.
Experience with telematics or broadcast services is preferred.
Thorough knowledge of MS-Office Suite (Word, Excel, PowerPoint, Access).
As an EEO/Affirmative Action Employer all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status.
The requirements and duties described above may be modified or waived by the Company in its sole discretion without notice.
Internal Number: 18-581
About Sirius XM Radio Inc.
Sirius XM Holdings Inc. is the largest radio company measured by revenue and has approximately 32.7 million subscribers.
SiriusXM’s 200+ channels of world class audio entertainment include Howard Stern, commercial-free, curated music channels representing many decades and genres from rock, to pop, country, hip hop, classical, Latin, electronic dance, jazz, heavy metal and more, exclusive artist-branded channels and concept-based channels. SiriusXM’s programming includes news from respected national outlets, and a broad range of in-depth talk, comedy and entertainment. SiriusXM is also the ultimate destination for sports fans, offering listeners live games and events from the NFL, MLB®, NASCAR®, NBA, NHL®, PGA TOUR®, soccer, and college sports, as well as news, analysis and opinions from more than a dozen dedicated sports talk channels.
SiriusXM comes installed in new vehicles from every major car company in the U.S. and is available in a fast-growing number of pre-owned vehicles.
SiriusXM is also available in the home, office or on the go with the SiriusXM app and on connected devices including smart TVs, Amazon Alexa devices, Apple TV, Roku, Sonos sound systems and Sony ...Playstation. By streaming SiriusXM, listeners also get access to thousands of hours of programming on SiriusXM On Demand.
SiriusXM is a provider of connected vehicle services that give customers access to a suite of safety, security and convenience services including automatic crash notification, stolen vehicle recovery assistance, enhanced roadside assistance and turn-by-turn navigation. SiriusXM provides premium traffic, weather, data and information services for subscribers through SiriusXM Traffic™, SiriusXM Travel Link, NavTraffic® and Nav Weather™. SiriusXM delivers weather, data and information services to aircraft and boats through SiriusXM Aviation™ and SiriusXM Marine™.