Cybersecurity Engineer

Date: Jul 22, 2025

Location: New York City, NY, US; Farmingdale, NY, US; Guelph, ON, CA

Company: RailWorks

Job ID: 19085

Benefits Offering

RailWorks is committed to helping our employees live better lives.  We offer comprehensive benefits packages to eligible employees, including competitive pay, medical, dental and vision coverage, 401(k) with company match, and additional performance incentives.

Salary range: $100,000 – $150,000 / year, commensurate with experience and work location.

Position Summary 

We’re looking for a motivated Cybersecurity Engineer with approximately 4-6 years of experience to help protect our systems, applications, and data. In this role, you’ll gain hands-on experience and grow your technical skills across key areas such as threat detection, incident response, data protection, and user awareness. You will report to the Director of Security Operations.

This position also requires answering calls from our Security Operations Center (SOC) during weekends and off hours to ensure timely response to critical security alerts. The role is based out of our Farmingdale, New York office, with work primarily on site and occasional client visits.

Primary/Essential Responsibilities and Duties

1. Phishing Awareness & Incident Response

  • Promptly respond to reported phishing emails, aiming for a rapid response time.
  • Analyze email headers and URLs to confirm threats.
  • Using Mimecast, block malicious indicators (e.g., URLs, domains, IPs) as necessary.
  • Close incident tickets promptly and document actions taken.
  • Conduct root cause analysis to identify gaps in email filtering and recommend improvements.
  • Contribute to phishing awareness efforts on a weekly, monthly and annual basis by sharing trends and creating educational materials that reduce future risk and foster a strong security culture across the organization.

2. End User Security Support

  • Investigate and respond to suspicious end-user activity, such as abnormal login behavior, unauthorized software installations, or risky web activity.
  • Analyze endpoint alerts from EDR tools (e.g., Carbon Black) and escalate as needed based on threat severity.
  • Tune and adjust firewall policies (e.g., Palo Alto) to reduce false positives and strengthen network perimeter defense.
  • Support office-based network security by reviewing traffic logs, managing Cisco Umbrella policies, and blocking malicious domains/IPs.
  • Assist in implementing hardening controls such as disabling unused ports, enforcing MFA, and configuring secure group policies.
  • Help troubleshoot and optimize performance of security tools affecting users, such as antivirus, email filters, and endpoint agents.

3. Security Monitoring

  • Monitor and investigate alerts generated by the 24/7 Security Operations Center (SOC), ensuring timely and accurate triage of potential threats.
  • Maintain ongoing communication with the SOC team to ensure they have the necessary visibility into RailWorks systems, networks, and logging sources.
  • Regularly review and validate alert configurations, use cases, and tuning efforts to ensure the SOC is focused on actionable and relevant threats.
  • Provide context, asset tagging, and escalation guidelines to help the SOC accurately prioritize and escalate critical events.
  • Track SOC performance through metrics such as response time, alert accuracy, and incident resolution quality.
  • Coordinate with the SOC on threat hunting, incident response, and reporting activities to ensure alignment with RailWorks’ security objectives.
  • Document findings and outcomes from SOC investigations in daily and weekly reports for leadership visibility.

4. Threat Intelligence & Vulnerability Research

  • Collaborate with IT to address vulnerabilities or misconfigurations.
  • Use Tenable to stay informed about emerging threats and vulnerabilities relevant to the organization.
  • Assist in prioritizing patches and implementing necessary security measures.

In addition, we’ll trust you to:

  • Policy & Compliance: Help maintain and enforce security policies and procedures to ensure compliance with frameworks like NIST, ISO 27001, and other applicable regulations.
  • Application Security: Support secure coding initiatives by working with the IT Developers to flag vulnerabilities and contribute to secure development lifecycle practices.
  • Endpoint Security: Ensure endpoints (laptops, desktops, mobile devices) are properly secured using AV, EDR, encryption, and configuration hardening.
  • SIEM & Monitoring: Help configure, tune, and analyze SIEM alerts for suspicious activity. Provide input to improve alerting and detection rules.
  • Data Protection: Contribute to data classification, protection efforts, and privacy compliance. Assist in investigations involving sensitive data.
  • Secure Architecture: Collaborate with infrastructure teams to help design and maintain secure systems, including firewalls, IAM, and network segmentation.
  • Incident Response: Support incident investigations and post-incident analysis to strengthen preventive and detective controls.
  • Third-Party Security: Participate in evaluating vendor security practices to ensure alignment with organizational standards.
  • Collaboration: Work closely with IT, cloud, development, and network teams to embed security across technology solutions.

Required Skills and Qualifications

Education

  • Bachelor’s degree in Computer Science, Cybersecurity, or a related field.
  • Industry-recognized certifications are highly preferred: Security+, CySA+, CISSP, CISM, CEH, GMON, GSEC, GIAC, CCSP, or similar.

Qualifications

  • Experience with cybersecurity tools such as Microsoft, Carbon Black, CrowdStrike, SentinelOne EDR, Nessus/Tenable, Qualys, Sumo Logic SIEM, Splunk, QRadar, BeyondTrust, and CyberArk PAM.
  • Working knowledge of firewalls (Palo Alto, Fortinet, SonicWall), endpoint protection, IDS/IPS, and Cisco/Meraki networking.
  • Familiar with Microsoft security tools including Defender, Intune, Purview, and Sentinel.
  • Understanding of cloud security and platforms like AWS, Azure, or Google Cloud.
  • Knowledge of security frameworks such as NIST, ISO 27001, and CMMC.
  • Experience with patch management (e.g., Patch Manager), security awareness training (KnowBe4), and vulnerability scanning.
  • Basic scripting or programming knowledge (Python, Java preferred).
  • Familiarity with container security, API protection, and secure CI/CD practices.

Soft Skills

  • Strong analytical thinking and problem-solving abilities
  • Detail-oriented and able to perform well under pressure
  • Excellent communication skills—able to explain technical topics clearly to all audiences
  • Strong team player with the ability to work across IT, security, and development teams

Physical Requirements and Working Conditions

  • Works in an office environment
  • Frequently sits for long periods of time
  • Frequently speaks, reads, writes, and uses a computer keyboard
  • May require occasional standing, walking, lifting, stooping, or bending

This job description is not intended to represent a complete, comprehensive list of all duties and responsibilities that may be required in this position. There may be unplanned activities and other duties as assigned.

RailWorks has been North America’s leading track and transit system expert for over 100 years, with 45 offices across the U.S. and Canada. We take on challenging projects every day, and our success relies on a collaborative and open-minded work environment that encourages teamwork, positivity, and ingenuity. We are committed to creating a culture of trust, respect, and acceptance. RailWorks also offers opportunities to grow your career, develop your skills and pursue success.

RailWorks is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment with RailWorks without regard to an individual’s sex, race, religion, creed, color, national origin, sexual orientation, gender identity, marital status, age, disability, veteran status or other legally protected characteristics.
