Senior Cybersecurity Risk Engineer

This role requires in-depth knowledge and experience across multiple technology disciplines with the ability to define, support, and enhance cybersecurity processes and controls while supporting IT strategy and business objectives.

As a direct report to the Director of Cybersecurity, the Sr. Cybersecurity Risk Engineer is responsible for:

Cyber Risk Management Duties

• Maintain and enhance cyber risk management frameworks, including risk identification, evaluation, treatment, and reporting.
• Monitor threat and vulnerability intelligence channels to understand emerging threats and vulnerability exposures.
• Conduct comprehensive cyber risk assessments (e.g., vendor, functional areas), create detailed reports, communicate, and support the business throughout the risk management life cycle.
• Perform threat and vulnerability analysis to understand the potential likelihood and impact on critical assets and services.
• Enhance and maintain cyber key risk indicators (KRI) and metrics to measure and monitor cybersecurity risk posture.
• Support and enhance cyber governance, risk, and compliance (GRC) processes.

Cybersecurity Engineering Duties

• Remain current on emerging cybersecurity trends and technologies.
• Perform cybersecurity design reviews of architecture, when there's a new architecture being proposed or a major change to the existing architecture.
• Provide recommendations on new or enhancements to existing cybersecurity controls.
• Develop requirements, design, configure, test, and maintain cybersecurity and GRC platforms and tools.
• Develop and maintain cybersecurity engineering designs and operational playbooks.
• Partner with other technology teams to ensure cybersecurity practices are integrated into their respective system/software development life cycles and delivery pipelines, including secure coding, threat modeling, secure configurations, vulnerability scanning, and penetration testing.

Cybersecurity Operational Duties

• Conduct cybersecurity training and testing for the organization.
• Support cybersecurity event and incident management activities (preparation, detection and analysis, containment, eradication, and recovery), as needed.
• Provide support for audit and finding remediation activities, as needed.
• Participate in disaster recovery (DR) exercises and continuous improvement processes.

Other Duties

• Establish and maintain a strong working relationship across technical and business teams.
• Successfully manage time and technical responsibilities to meet expectations and deadlines.
• Interfaces with vendors and drives activities for product and service evaluation, purchase, and support activities.
• Ensures internal and 3rd party provided IT solutions meet business needs and comply with security requirements while adhering to established company standards, policies, methodologies, and industry best practices
• Builds relationships with technical and business teams to understand their needs, priorities, roadmap, and definition of success.
• Effectively develop and communicate documentation intended for both business and technical audiences.

Company Values

• Believes and supports our Company Values
• Complies with all Williams Scotsman Mobile Mini Safety, Transportation, and Environmental Policies

Performance Efficient Use of Resources

• This is a team-based role and may assist in other aspects of IT as well as help drive our Company's Strategies and promote our Mission, Vision and Values. WSC has a highly collaborative culture and the successful candidate will work effectively with a broad group of senior executives, peers, and direct reports to perform the above responsibilities.

Customer Focus

• Utilizes and deploys proactive customer relationship management techniques

The successful candidate will possess:

• Minimum 8 years overall experience in technical functional areas.
• Bachelor's degree in computer science or related field or an equivalent combination of education and experience.
• Practical knowledge of industry cybersecurity frameworks (e.g., NIST, MITRE ATT@CK) and control baselines (e.g., CIS, OWASP, CSA CCM).
• Strong understanding of data privacy and protection standards and regulations (e.g., HIPAA, GDPR, CCPA, PCI, SOX).
• Strong technical background in at least 2 specialty areas below with overall exposure to at least 4 of the following:
  
  
  
  • Windows
  • Linux
  • MacOS
  • Handheld Mobile OSs (e.g., Android, iOS)
  • Networks
  • Cloud (AWS, Azure, etc.)
  • Virtual server platforms
  • Containers and orchestration technologies
  • Server-less technologies
  • Telephony and IVR technologies
  • Automation and scripting
  • DevOps technologies (e.g., repositories, build, CI/CD)
  
  
  
  
• Experience with cybersecurity technologies and controls such as:
  
  
  
  • Threat intelligence platforms
  • Vulnerability management platforms
  • Network controls
  • Next-Generation Firewalls technologies (e.g., policies, IDS/IPS, VPN)
  • Active Directory Group / Entra ID policies
  • operating systems (OS) secure configurations
  • Endpoint and extended detection and response (EDR/XDR) solutions
  • Data Protection technologies (e.g., encryption, tokenization, data loss prevention)
  • Incident response and forensics techniques and tools
  • Network and systems performance and availability monitoring solutions
  • SIEM and SOAR technologies
  
  
  
  
• Strong project management skills
• Ability to negotiate, influence, and collaborate to build successful relationships
• Strong verbal, written, and interpersonal communication skills
• Relevant industry certifications such as CISSP, CRISC, CEH, OSCP, or GCIH are highly desirable