Senior Information Security Engineer

Full Time
Washington, D.C., DC
Areas of Interest: Incident Response, Investigation, Threat Analysis, Vulnerability Assessment and Management

The Senior Information Security Engineer, reporting to the Director, Security Technology and Investigations, is responsible for supporting the execution of the Information Security Incident Response and security management programs within the Enterprise Information Security and Compliance department. In particular, this role will focus on the administration and management of a suite of information security countermeasures, on incident investigations, and on providing internal security consulting for business units throughout the Enterprise.

This position is a hands-on information security position responsible for working with members of the technology teams, including technology operations and development teams, to identify, prioritize, and reduce information security risks in a cost-effective way. In addition to ensuring that the proper level of focus and controls exists in the right areas, the position will also provide support for vulnerability scanning/detection utilizing Tenable Security Center, Data Loss Prevention, security monitoring, and incident response activities.

The position is also responsible for conducting information security and data breach investigations, documenting and reporting on the investigations and tracking all remediation items to closure.

Duties and Responsibilities:

  • Serves as information security subject matter expert for infrastructure, connected vehicle services, streaming and systems and network security.
  • Responsible for supporting the information security program and performance of relevant information security engineering and testing activities for the connected vehicle services, streaming and infrastructure services of Sirius XM.
  • Collaborates with business owners, product/systems engineers, and operational personnel to understand business priorities and goals, company culture, and processes to identify information security risks; works with teams to recommend and help implement solutions and/or mitigating controls.
  • Provides technical design, documented guidelines and implementation support of security controls for servers, workstations, network devices, multi-function devices, mobile computing platforms, and applications.
  • Serves as a technical security liaison with OEM clients and their respective security representatives.
  • Performs security assessments and technical testing of information systems infrastructure and applications, including internal, external, and partner facing systems.
  • Identifies singular and compound vulnerabilities across operating systems, databases, network infrastructure, and applications.
  • Actively tracks vulnerability findings and status of remediation, driving toward resolution.
  • Validates the continued and proper placement, operation, and tuning of security instrumentation, including vulnerability scanners, intrusion detection sensors, DLP, security log monitoring/correlation tools, file integrity monitoring solutions, and other security relevant controls by monitoring the IT security operations groups and their activities.
  • Expedites neutralization of threats that pose immediate danger to the confidentiality, integrity, and availability of information assets.
  • Evolves and adapts incident response and handling procedures commensurate with changing threat landscape and business needs.
  • Provides routine status and metrics for information security to the Director of Operations Security.
  • May perform daily and alert based monitoring of information security events and initiate response procedures in accordance with established processes.
  • May perform routine and ad-hoc information security vulnerability scanning and testing to identify risks to information assets; escalate and expedite resolution/mitigation of vulnerabilities deemed high/critical severity.
  • Helps raise awareness of information security in the company and provides holistic guidance on information security.
  • Supports PCI/PII and other regulatory related activities and remediation.

Supervisory Responsibilities:

  • There are no supervisory responsibilities associated with this job.

Minimum Qualifications:

  • 7+ years hands-on information technology security experience.
  • A Bachelor's degree from an accredited institution or an equivalent combination of education and work experience.
  • Must have current Certified Information Systems Security Professional (CISSP) certification; additional certifications such as GIAC, CEH, LPT, PCI-ISA, etc. are preferred.
  • Experience with PCI, ISO, and SOX.

Requirements and General Skills:

  • Self-motivated to constantly hone information security knowledge and skills.
  • Good public speaking and presentation skills.
  • Interpersonal skills and ability to interact and work with staff at all levels.
  • Excellent written and verbal communication skills.
  • Ability to work independently and in a team environment.
  • Ability to project professionalism over the phone and in person.
  • Commitment to "internal client" and customer service principles.
  • Strong organizational skills and attention to details.
  • Excellent time management skills, with the ability to prioritize and multi-task, and work under shifting deadlines in a fast-paced environment.
  • Must have legal right to work in the U.S.
  • Sirius XM is a 24/7 operational entity and, from time to time, the Senior Information Security Engineer is expected to serve as an on-call resource and to participate in security activities outside of normal business hours.
  • This position may require 25% travel.

Technical Skills:

  • 5+ years relevant work experience designing and implementing security controls and securing systems, applications, and infrastructure.
  • 2+ years relevant work experience - Vulnerability and penetration testing tools and techniques.
  • 2+ years relevant work experience - Malware protection and response.
  • 2+ years relevant work experience - IDS/IPS and security event/log monitoring and correlation.
  • 1+ year experience - Security program implementation.
  • Working knowledge of ISO standards, PCI, OWASP Top 10.
  • Experience with internet facing services and 24x7 environment.
  • Experience with telematics services is preferred.

Equal Opportunity/Affirmative Action Employer - Minorities/Females/Protected Veterans/Disabled.

The requirements and duties described above may be modified or waived by the Company in its sole discretion without notice.

SiriusXM is an equal opportunity employer.  All qualified applicants will receive consideration for employment without regard to, among other things, race, religion, color, national origin, sex, age, marital status, sexual orientation, gender identity, pregnancy, citizenship, status as a protected veteran, or status as a qualified individual with disability, or any other characteristic protected by applicable law.  SiriusXM is committed to integrity, excellence, and diversity among its employees.

Sirius XM Radio Inc.

Sirius XM Holdings Inc. is the largest radio company measured by revenue and has more than 30 million subscribers. SiriusXM creates and offers commercial-free music; premier sports and live events; news and comedy; exclusive talk and entertainment; and a wide variety of Latin commercial-free music, sports, and talk programming. SiriusXM is available in vehicles from every major car company in the U.S. and smartphones and other connected devices, as well as online at SiriusXM listeners can personalize SiriusXM’s expertly curated commercial-free music channels using MySXM and listen to thousands of hours of programming on demand using SiriusXM On Demand.
SiriusXM is also one of the world's largest pure-play audio entertainment companies and is among the largest subscription media companies in the United States, offering an impressive array of exclusive content that spans virtually all genres and interests, including Howard Stern, Dr. Laura, Hoda Kotb, Jenny McCarthy, Andy Cohen, Jeff Foxworthy and Larry the Cable Guy, Joe Madison, Michael Smerconish, Jamie Foxx, Coach K, Chris "Mad Dog" Russo, Stephen A. Smith, Cardinal Timothy Dolan, Joel Osteen, Comedy Central, Entertainment Weekly, TODAY Show Radio, Bleacher Report, Jimmy Buffett, Elvis, Eminem, Grateful Dead, B.B. King, Willie Nelson, Ozzy Osbourne, Pearl Jam, Pink Floyd, Pitbull, Tom Petty, Frank Sinatra, Bruce Springsteen, and Tiësto. SiriusXM is the ultimate destination for sports fans, offering listeners sports talk and live play-by-play from the NFL, Major League Baseball®, NASCAR®, NBA, NHL®, PGA TOUR®, IZOD IndyCar® Series, soccer, college sports, and more.
SiriusXM has arrangements with every major automaker for installation of satellite radio in their vehicles. SiriusXM products for cars, the home or office are available through and at retail locations nationwide.
SiriusXM is also a leading provider of telematics and connected vehicles services, providing safety, security and convenience services to a host of major automotive manufacturers.
SiriusXM also provides premium traffic, weather, data and information services for subscribers through SiriusXM Traffic™, SiriusXM Travel Link, NavTraffic® and Nav Weather™. SiriusXM delivers weather, data and information services to aircraft and boats through SiriusXM Aviation, Sirius Marine™, Sirius Marine Weather, XMWX Aviation, and XMWX Marine™.
SiriusXM also holds a minority interest in SiriusXM Canada which has more than 2.7 million subscribers.
On social media, join the SiriusXM community on Facebook, Twitter, Instagram, and YouTube.
Company Industry: Entertainment
Company Type: Public Company
Company Size: 1,001-5000