Senior Engineer, Security Ops

Journey with us! Combine your career goals and sense of adventure by joining our incredible team of employees at Royal Caribbean Group. We are proud to offer a competitive compensation and benefits package, and excellent career development opportunities, each offering unique ways to explore the world.

We are proud to be the vacation-industry leader with global brands — including Royal Caribbean International, Celebrity Cruises and Silversea Cruises — the most innovative fleet and private destinations, and the best people. Together, we are dedicated to turning the vacation of a lifetime into a lifetime of vacations for our guests.

Royal Caribbean Group’s IT - Global Information Security Team has an exciting career opportunity for a full time Senior Engineer, Security Ops reporting to the Director, Security Ops.

Position Summary

The Cyber Defense Operations (CDO) Team is responsible for identifying and managing cyber risks and leading operational remediation projects for both ship and shore. For ships the focus is to reduce risk to passenger, crew, and RCCL shipboard assets. The goal of the CDO Program is to provide cybersecurity architectural and engineering guidance on projects and strategy driven by shoreside business, marine operations, newbuild, and shipboard IT organization to appropriately manage operational, regulatory, and safety risks as well as optimizing investments by reducing future remediation efforts.

The CDO Senior Engineer assists with planning and helps lead the execution of the CDO strategy and program initiatives at RCCL. The role will partner with subject matter experts, peers and leaders across RCCL shore and shipboard lines of business regarding cyber risks.  The role will be an individual contributor providing cyber risk management and assurance expertise so that systems located within or connected to RCCL environments (Shoreside cyber tools, IT hotel operations systems, OT navigation/bridge, and marine engineering), have been implemented and maintained, adhering to cybersecurity guidelines, and corporate information security standards, maritime regulations. This position will assist the manager by mentoring other junior staff on the CDO.  This position will also help influence IT and maritime business units to raise awareness of the cybersecurity space and their role in ensuring the overall safety of our passengers, crew, shoreside systems and maritime IT/OT/ET systems.

Essential Duties and Responsibilities

• Key contributor to the protection of shoreside IT and shipboard IT and OT systems and processes to appropriately reduce existing and emerging risks to RCCL assets
• Technical excellence – Administer systems to deliver high availability & security
• Troubleshooting skills – Identify and fix root causes of failure, with primary focus on firewall, EDR, and proxy issues
• Change Management - Ensure that outages & change requests are correctly documented, prioritized, and closed
• Provide basic support across a variety of security systems
• Ability to specialize – Become an expert in multiple tools so you can solve difficult problems
• Responsible for ensuring CDO runbook’s for all platforms are updated and reviewed annually
• Ability to teach – Help mentor and teach technical skills to other junior members of the CDO team
• Participate in planned normal call rotations and also 24/7 on-call rotations to resolve critical issues
• Assist CDO leadership with the development and collection of platform metrics
• Maintain technical standards, architectural/engineering diagrams, and procedures for shoreside, shipboard and newbuild IT and technology
• Review & understand complex cyber guidelines (NIST) and regulations such as PCI, SOX, BIMCO/CLIA/ICS/INTERCARGO Cybersecurity Guidelines for Ships, U.S. Coast Guard requirements, and International Maritime Organization (IMO)
• Contribute with a high degree of self-sufficiency and resourcefulness on individual and departmental performance objectives
• High degree of motivation to maintain technical skills and cybersecurity knowledge relevant by seeking self-development opportunities such as industry certifications, investing time to learn new skills, and networking with peers in the security industry

Qualifications, Knowledge and Skills

• Bachelor’s degree or equivalent industry experience
• 6+ years of experience within IT industry experience
• 4+ years of experience in information security operations role
• Demonstrated ability to perform independent analysis of complex problems
• Deep technical knowledge in multiple enterprise security tool categories, especially firewalls, VPN, web security proxies, and endpoint security tools
• Prior experience with CMDB, Proxy, firewalls, or EDR systems are strongly preferred
• Broad IT knowledge, including hardware, virtualization, networking, architecture, common protocols, files systems and operating systems
• An ability to communicate complex technical issues to English-speakers from many cultures
• Must have competent verbal and written communication abilities; interpersonal collaborative skills; and the ability to communicate IS and risk-related concepts to technical and non-technical audiences
• Ability to learn methodologies, tools, best practices and processes within specific areas of responsibility
• Decision-making, reporting, communication, and skills
• Understanding of Apple, Linux and Windows Operating systems
• Understanding of TCP/IP networks and the OSI stack
• Industry certifications are a plus
• Demonstrates organizational skills and time management
• Ability to manage multiple tasks / projects while ensuring deadlines are met
• Displays sound judgment with a high level of integrity, ethics and ability to calmly, diplomatically and effectively deal with stressful situations 
• Able to formulate, communicate exceptions/findings and technical solutions
• Demonstrate a degree of creativity with analytical and problem solving skills
• General understanding or experience with some Marine or Industrial Engineering OT systems (ICS, Engine Control, HVAC, Water Treatment, Power Generation & Management) and Navigation Systems (ECDIS, GPS, Dynamic Positioning Systems, Voyage Management Systems) is a plus
• Ability to identify remediation activities based on risk to the overall enterprise
• An understanding of anomaly detection methodologies and tools
• Understanding of cryptographic controls and the application is a plus
• Prior experience or knowledge on WAF and OWASP is a plus
• Will require travel (domestic and international) to perform shipboard & Shoreside cybersecurity work.
• May require travel to marine supplier facilities such as shipyards or Dry Docks

We know there's a lot to consider. As you go through the application process, our recruiters will be glad to provide guidance, and more relevant details to answer any additional questions. Thank you again for your interest in Royal Caribbean Group. We'll hope to see you onboard soon!

It is the policy of the Company to ensure equal employment and promotion opportunity to qualified candidates without discrimination or harassment on the basis of race, color, religion, sex, age, national origin, disability, sexual orientation, sexuality, gender identity or expression, marital status, or any other characteristic protected by law. Royal Caribbean Group and each of its subsidiaries prohibit and will not tolerate discrimination or harassment.

#LI-AS2