Cornerstone Concilium, Inc.

www.cornerstoneconcilium.com

1 Job

41 Employees

About the Company

Cornerstone Concilium, Inc. is a privately held professional consulting firm formed in 1986 to provide engineering and management consulting services within the facilities, transportation and technology industries. Responding to the increasingly complex and rapidly changing nature of the business environment, we have established a single source organization to provide flexible and responsive services specifically suited to individual client needs for both privately and publicly funded projects.

Listed Jobs

Company Name
Cornerstone Concilium, Inc.
Job Title
Cybersecurity Security Engineer
Job Description
**Job Title:** Cybersecurity Security Engineer

**Role Summary:** Develop, implement, and manage comprehensive security solutions for a large public transit agency. The engineer leads strategy updates, governance alignment (NIST CSF), risk assessments, incident response, compliance (PCI DSS, privacy laws, TSA/DHS directives), and audit support. Works closely with internal stakeholders, vendors, and external partners to maintain a secure, compliant environment for payment and transit systems.

**Expectations:**
- 15+ years of advanced cybersecurity experience, preferably with large transit or comparable organizations.
- Proven expertise in SOC operations, cyber forensics, major incident handling, vulnerability assessment, penetration testing, SIEM/SOAR administration, and PCI DSS compliance.
- Deep knowledge of transit payment systems (Universal Fare System, Cubic Payment Application) and related regulatory requirements.
- Demonstrated ability to develop executive‑level reporting, metrics dashboards, and centralized security registers.
- Strong analytical, documentation, and communication skills for executive briefings, vendor due diligence, and audit coordination.

**Key Responsibilities:**
1. Update and refine security strategy to counter evolving threats.
2. Maintain governance programs aligned to NIST CSF.
3. Conduct third‑party risk assessments and recommend mitigations.
4. Manage security operations improvements and SOC monitoring.
5. Analyze, estimate, and plan remediation for information‑security incidents.
6. Produce executive‑level reports, strategy documents, and dashboards.
7. Develop and keep a centralized security register.
8. Collaborate with stakeholders to understand risks, system changes, and environment evolution.
9. Implement strong risk‑and‑compliance processes for new and existing deployments.
10. Lead vendor due‑diligence and third‑party security reviews, including contract audit.
11. Support internal/external audits (PCI DSS, privacy, etc.).
12. Create security guidelines, checklists, and official documentation.
13. Document controls, acquisition procedures, and system changes.
14. Monitor regulatory developments and industry trends.
15. Ensure compliance with Equal Employment Opportunity policies.

**Required Skills:**
- Adversary‑simulation (red‑team), penetration testing, and vulnerability scanning.
- SIEM (cloud‑based/on‑prem) administration, alert triage, and actionable remediation.
- SOAR platform deployment and orchestration.
- SOC monitoring, threat detection, and incident response.
- Cyber forensics and major incident handling.
- PCI DSS compliance planning and execution.
- Familiarity with transit payment infrastructures (UFS, CPA).
- Knowledge of TSA/DHS transport directives, DMV rules, and transit‑specific cyber regulations.
- Excellent written and verbal communication for executive and stakeholder engagement.

**Required Education & Certifications:**
- Minimum of two certifications from the following:
  - Certified Information Systems Security Professional (CISSP)
  - Certified Information Systems Auditor (CISA)
  - Certified Information Security Manager (CISM)
  - GIAC Security Professional (GSEC)
  - Certified Data Privacy Solutions Engineer (CDPSE)
  - Cyber Security Nexus (CSX)

*(No specific degree requirement specified; professional certifications preferred.)*
Los Angeles, United States
Hybrid
Senior
23-10-2025