Position: Senior Cyber Security Engineer
Location: Miami, FL
Type: Direct Hire
Employment Eligibility: Due to the travel requirements to Latin America and the Caribbean, Gravity can only consider U.S. Citizens at this time.
Job Description
Gravity IT Resources is seeking a highly skilled and motivated Senior Cyber Security Engineer to join our growing security team. This individual will be responsible for driving cybersecurity initiatives across infrastructure, applications, cloud environments, identity, and governance domains.
The ideal candidate is a hands-on technical expert and a proactive self-starter who takes full ownership of their work, identifies gaps, and implements effective solutions without needing direction.
This role blends technical security engineering responsibilities with governance, risk, and compliance (GRC) oversight, ensuring security practices align with frameworks such as PCI DSS 4.0, NIST CSF, GDPR, and internal data protection standards.
Key Responsibilities
Security Engineering & Operations
- Design, implement, and manage security controls across networks, endpoints, cloud platforms, and applications.
- Lead the deployment, tuning, and optimization of security tools (e.g., SIEM, EDR, WAF, IAM, CNAPP).
- Investigate, triage, and remediate complex security incidents in coordination with the SOC team.
Architecture & Design
- Integrate security into system and application design reviews; perform threat modeling and provide architectural guidance.
- Define technical standards and create reference architectures for secure cloud and on-prem deployments.
- Champion Zero Trust architecture and least-privilege access principles across the enterprise.
Governance, Risk & Compliance (GRC)
- Support compliance with PCI DSS 4.0 through scope reduction, segmentation validation, vulnerability management, and scanning.
- Align security controls to the NIST CSF framework; track maturity levels and drive control improvements.
- Ensure GDPR and privacy-related practices (e.g., DSARs, opt-out handling, privacy-by-design) are embedded in operations.
- Implement and monitor data security controls, including encryption, access controls, and data retention strategies.
- Conduct risk assessments, gap analyses, and security reviews to validate compliance and enhance security maturity.
- Collaborate with auditors, regulators, and internal teams during security audits and assessments.
- Maintain documentation for security policies, control standards, procedures, and evidence repositories.
DevSecOps & Automation
- Integrate security into CI/CD pipelines, containerized environments, and Kubernetes orchestration.
- Automate security tasks such as vulnerability scanning, patch management, and compliance reporting.
- Partner with development teams to promote secure coding practices and address vulnerabilities early in the SDLC.
Leadership & Influence
- Act as a trusted advisor to IT and business stakeholders; clearly communicate security risks and technical concepts.
- Proactively identify areas for improvement, lead initiatives, and influence positive change across the organization.
Competency Requirements
The successful candidate must demonstrate proficiency in the following areas:
- Initiative: Strong self-starter who drives outcomes and leads improvements.
- Technical Expertise: Broad and deep knowledge across security domains.
- Risk-Based Thinking: Balances technical implementation with regulatory compliance needs.
- Collaboration: Works effectively with cross-functional teams (IT, DevOps, Business).
- Communication: Articulates complex security issues to technical and non-technical audiences.
- Adaptability: Thrives in dynamic, fast-paced environments.
- Ownership: Takes accountability, drives solutions, and challenges the status quo when needed.
Qualifications & Experience
Education
- Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, or a related field preferred.
Experience
- 5–7 years of progressive experience in cybersecurity engineering.
Core Technical Expertise
- Network Security: Firewalls, IDS/IPS, segmentation.
- Endpoint Security: EDR tools, patch management, system hardening.
- Cloud Security: Security architecture for AWS, Azure, or GCP; container/Kubernetes security; CNAPP.
- Identity & Access Management: MFA, SSO, RBAC, PAM, Entra ID/Okta.
- Application Security: Secure coding practices, SAST/DAST, API security, SDLC integration.
- Data Security: Encryption, DLP, retention, DSAR handling.
Frameworks & Compliance
- Deep knowledge of: PCI DSS 4.0, NIST CSF, GDPR, and related privacy/security standards.
Automation & Scripting
- Proficiency with scripting and automation tools (e.g., Python, PowerShell, Bash, Terraform).
Certifications (1 or more preferred)
- OSWE, GWAPT, GWEB, GPEN
- CSSLP – Certified Secure Software Lifecycle Professional
- CISSP, CISM, or CEH
Equal Employment Opportunity Statement
Gravity IT Resources is an Equal Opportunity Employer. We are committed to creating an inclusive environment for all employees and applicants. We do not discriminate on the basis of race, color, religion, sex (including pregnancy, sexual orientation, or gender identity), national origin, age, disability, genetic information, veteran status, or any other legally protected characteristic. All employment decisions are based on qualifications, merit, and business needs.