IT Security Engineer

IT Security Engineer

Join the Golden Entertainment corporate IT Security Team as a Security Engineer, where you'll help safeguard our gaming and hospitality operations against evolving cyber threats. In a landscape shaped by trends like zero-trust architectures, AI-driven attacks, and cloud security demands, you'll design, deploy, and maintain robust defenses—such as precise access controls, backup safeguards, identity provider oversight, and seamless single sign-on expansions—for our infrastructure, systems, and data. This role blends hands-on incident response with policy development to ensure compliance and resilience, all while supporting a fast-paced environment that values innovation, outstanding service, and opportunities to hone skills on a top-tier security stack through ongoing engagement and development.

Essential Duties & Responsibilities:

• Configure, deploy, and troubleshoot security tools and systems, incorporating zero-trust principles and AI-enhanced monitoring.
• Manage access lists, compensating controls, while expanding identity and SSO implementations to enhance secure access and identity protection.
• Detect, investigate, resolve incidents, including ransomware and advanced persistent threats.
• Define security requirements for operating systems, applications, and cloud environments.
• Develop and maintain security policies, procedures, and standards to align with emerging trends like remote access hardening.
• Stay current on vulnerabilities, infiltration tactics, forensics, and threats through ongoing research.
• Conduct vulnerability assessments to pinpoint weaknesses, evaluate control effectiveness, and coordinate patching of identified vulnerabilities.
• Advise on acceptable risk levels to guide security decisions and implementations.
• Conduct proactive threat hunting using our security stack (e.g., SIEM, EDR, NDR) and typical cybersecurity tools across the industry.
• Gather and share advanced CTI (Cyber Threat Intelligence) and OSINT (Open-Source Intelligence) to bolster team defenses.
• Support audits by providing documentation, responses, and remediation plans.
• Evaluate third-party risks (vendors, contractors) through documentation reviews and assessments.
• Contribute to security training and user awareness programs, including teaching cyber hygiene and privacy habits to mitigate everyday risks.
• Collaborate with command center, network, systems, and applications teams on security issues, plus analysts and engineers from our third-party MDR (Managed Detection and Response) team.
• Ensure compliance with gaming laws, internal controls, Title 31, federal regulations, and standards like SOX, PCI, and the NIST Cybersecurity Framework.
• Deliver exceptional service to guests and team members, meeting company culture standards.
• Serve in an established `On-Call` rotation and perform other duties as assigned.

Requirements:

• Security+, CEH, or equivalent certification preferred.
• 2-3 years of IT security experience.
• 2+ years in at least two areas: IT security administration, server administration, or network administration.
• Hands-on experience with security systems like ACLs, next-gen firewalls, NDR/EDR, SSO, MDM, SIEM/SOAR, content filtering, remote access, and secure DNS.
• Knowledge of endpoint hardening, app vetting, cloud monitoring, Microsoft Active Directory management/hardening, and REST API configuration.
• Familiarity with NIST Cybersecurity Framework (1.1 and 2.0) and trends like zero-trust implementation.
• Preferred experience with testing tools such as Kali, Metasploit, Burp, Wireshark, Nmap, Netcat, and vulnerability scanners.
• Preferred: Adept at scripting with PowerShell, automation, and command-line tools in Windows and Linux environments.
• Working knowledge of regulations including Nevada Gaming Control Board, SOX, HIPAA, and PCI-DSS.
• BS in computer science, information sciences, or equivalent education/experience.
• Strong problem-solving skills for high-pressure, evolving environments.
• Reliable transportation some travel required.
• Willing to work any shift, including weekends and holidays.
• Effective English communication (written and verbal).
• At least 21 years old.
• Obtain/maintain required company work cards.
• Verify U.S. work authorization.
• Work Cards Nevada Gaming. Valid Driver's License.
• Physical Requirements: Lift, pull, push, carry, bend/kneel, stand/walk (about 50% of time); sit at desk (up to 50%). Ability to handle up to 50 lbs. Maintain high concentration for extended periods. Normal vision, speech, hearing, and literacy.
• Work Environment: Potential conditions indoor. Cold. Noisy. Smoky.