
Principal Engineer, Systems Security - Arista / VMware / Tenable

SiriusXM and Pandora have joined together to create the leading audio entertainment company in the U.S. Together, we are uniquely positioned to lead a new era of audio entertainment by delivering the most compelling subscription and ad-supported audio experiences to millions of listeners - in the car, at home and on the go. Our talent, content, technology and innovation continue to be at the forefront, and we want you to be a part of it! Check out our current openings below and at www.siriusxm.com/careers.


Position Summary:


Responsible for designing and implementing SXM-P's security strategy specific to Broadcast Engineering. The candidate will help develop and implement security standards and best practices that are integral to delivering Sirius XM's core products.


The candidate will install and use software and hardware such as firewalls and data encryption programs, malware detection and remediation products to protect organizations’ sensitive information. Candidate will work with the infrastructure team and the end users to implement new security products and procedures.


Duties and Responsibilities:


- Participate in the research, analysis, design, testing and implementation of computer network security technologies and applications such as Intrusion Prevention Systems (IPS), Anomaly Detection Systems (ADS), Splunk/ArcSight/QRadar (SIEM)
- Familiar with network segmentation (Macro/Micro/Nano) technologies such as VMware NSX, Sentinel EDR, Arista MSS
- Work with EISC to conduct periodic scans of networks and servers and design and implement solutions to remediate these findings
- Conduct penetration testing to find vulnerabilities that might be exploited by a malicious party
- Help integrate and coordinate Broadcast security policies with the Enterprise Security team (EISC)
- Design and implement monitoring system to watch Broadcast networks and systems for security breaches or intrusions and watch out for irregular system behavior
- Lead incident response activities along with EISC to minimize the impact and lead a technical and forensic investigation
- Develop and implement system hardening standards conforming to CIS benchmarks
- Responsible for building security toolset helping to identify and mitigate information security risks
- Work with management to develop effective controls, processes and metrics to ensure compliance objectives are met
- Perform risk analysis to identify IT security risks, operational risks and remediation plans
- Monitor compliance with risk mitigation/remediation plans, and address non-compliance issues appropriately
- Document risks associated with approved exceptions, define mitigation controls and establish long-term remediation strategies
- Analyze business requirements and ensure that solutions meet established security policies and controls
- Monitor compliance with applicable laws/standards/regulatory controls related to IT security
- Support security technologies for systems such as EDR, antivirus, firewalls, active directory, encryption, web applications firewall and network access controls
- Ensure alignment of security policies/standards with IT infrastructure frameworks (e.g., ISO 2700x, NIST, CIS, ITIL)
- Maintain current knowledge on information security topics and their applicability
- Provide technical leadership on assigned projects driving all technical deliverables

Supervisory Responsibilities:


None

Minimum Qualifications:


- Bachelor’s degree in Computer Science or Information Systems or equivalent required.
- Two or more certifications preferred (CISSP, OSCP, GSEC, GCIA, CISM, HCISSP, ISSAP, ISSEP, CEH).
- 10 years in Information Systems Security.
- This position requires the use of information or access to hardware which is subject to the International Traffic in Arms Regulations (ITAR). As required by ITAR, to perform this position you must be a U.S. Citizen, U.S. Permanent Resident (i.e., ‘Green Card Holder’), Political Asylee, or Refugee.

Requirements and General Skills:


Good public speaking and presentation skills. Interpersonal skills and ability to interact and work with staff at all levels. Excellent written and verbal communication skills. Ability to work independently and in a team environment. Ability to pay attention to details and be organized. Ability to project professionalism over the phone and in person. Ability to handle multiple tasks in a fast-paced environment. Commitment to “internal client” and customer service principles. Willingness to take initiative and to follow through on projects. Creative writing ability. Excellent time management skills, with the ability to prioritize and multi-task, and work under shifting deadlines in a fast-paced environment.

Technical Skills:


- Direct experience with EDR, anti-virus software, intrusion detection and firewalls
- Ability to evaluate/deconstruct malware (e.g. obfuscated code) through open-source and vendor provided tools
- Working knowledge of Windows/Unix systems administration and security vulnerabilities
- Knowledge of risk assessment tools, technologies and methods
- Experience designing secure networks, systems and application architectures
- Knowledge of disaster recovery, computer forensic tools, technologies and methods
- Experience planning, researching and developing security policies, standards and procedures
- Professional experience in a system administration role supporting multiple platforms and applications
- Deep knowledge of TCP/IP and related data network protocols: knowledge of standard network protocols like TCP, ARP, ICMP, DHCP, HTTP, SNMP etc., and advanced features like IPSEC and IPv6 related protocols and accompanying protocol analysis tools (Wireshark, TCPDump, etc.)
- Deep knowledge studying and analyzing converged network technologies
- Working knowledge of modern communications networks and protocols (GSM, SS7, UMTS, MPLS, VPNs, etc)
- Understanding of network administration of Routers, Firewalls and Switching technology
- Understanding of and the ability to perform penetration testing
- Incident response, intrusion analysis, proactive defense
- Development experience using Python, Ruby, Perl, C, or C++
- Forensics and intrusion analyst, Penetration testing experience
- Ability to communicate network security issues to peers and management
- Ability to read and use the results of mobile code, malicious code, and anti-virus software
- Experience with Microsoft encryption Infrastructure preferred – certificates, SSL and SSH, etc.
- Skilled in studying and analyzing system requirements, system process analysis, design and engineering.

More details about our company benefits can be found here!


Our goal at SiriusXM+Pandora is to provide and maintain a work environment that fosters mutual respect, professionalism and cooperation. SiriusXM+Pandora is an equal opportunity employer that does not discriminate on the basis of actual or perceived race, creed, color, religion, national origin, ancestry, alienage or citizenship status, age, disability or handicap, sex, gender identity, marital status, familial status, veteran status, sexual orientation or any other characteristic protected by applicable federal, state or local laws.


The requirements and duties described above may be modified or waived by the Company in its sole discretion without notice.

